SINGAPORE: Four teenagers were among 11 people arrested for their alleged involvement in a spate of banking-related malware scams, the police said on Saturday.
The teenagers, three male and one female, are aged between 16 and 19. The other seven suspects, six men and one woman, are aged between 20 and 57.
They were nabbed following islandwide anti-scam operations by the Commercial Affairs Department and Police Intelligence Department from Sept 11 to 22.
Another five men and a woman, aged between 21 and 41, are assisting with investigations.
The police said that the 10 people, including the four teenagers, had allegedly facilitated the scam cases by relinquishing their bank accounts, Internet banking credentials and Singpass credentials for monetary gains.
One of the suspects, a 28-year-old, is believed to have withdrawn money from his bank account and handed the money to an unknown person, the police added.
Since January, the police has received an increasing number of reports of unauthorised bank transactions made after victim’s mobile devices were compromised by malware. This was even when the victims did not share their Internet banking credentials, One-Time Passwords or OTPs, or Singpass credentials to anyone.
From January to June, 22,339 scam cases were reported, a 64.5 per cent increase from the 13,576 cases during the same period last year.
However, the total amount victims lost in the first half of this year dipped slightly to $334.5 million, from $342.1 million during the same period last year.
The victims responded to advertisements on social media platforms like Facebook, and were duped into downloading an Android Package Kit from unofficial app stores, which led to malware being installed on their mobile devices.
Subsequently, the scammers convinced the victims via phone calls or text messages to turn on accessibility services on their Android phones, which weakened the phones’ security and allowed scammers to take full control of the victim’s phones.
Scammers could then take note of every keystroke, steal banking credentials stored on the phones, remotely log in and access victims’ banking apps, add money mules as payees, raise payment limits and transfer money to money mules.
The scammers could also delete SMSes and email notifications related to these bank transfers to cover their tracks.
Earlier this month, a woman who wanted to buy mooncakes online lost $76,000 after scammers took control of her phone through a third-party app and siphoned the money from her bank account.
Similarly, in August, a woman who placed an online order for grouper fillets lost over $44,000 after scammers took control of her Android phone and banking details remotely.
The police has advised the public against downloading apps from third-party websites or unknown sources, scan unknown QR codes, or clicking on suspicious links, as these could contain malware. They also advise the public to download apps only from official app stores and to be wary of requests for Singpass and banking credentials or money transfers.
The public can also turn on security settings that disallow the installation of apps from unknown sources.
People should reject attractive money-making opportunities that involve the use of their Singpass accounts or bank accounts for illegal activities, they added.
For more information on scams, the public can visit www.scamalert.sg or call the anti-scam helpline on 1800-722-6688.
Anyone with information on such scams may call the police hotline on 1800-255-0000, or submit information online at www.police.gov.sg/iwitness. - The Straits Times/ANN