Police warn of new loan scam variant where 9 victims lost $18,000, Latest Singapore News - The New Paper
Singapore

Police warn of new loan scam variant where 9 victims lost $18,000

At least nine victims have fallen prey to a new variant of loan scams affecting Android users, where they had personal information stolen by fraudsters through malware, and lost a total of about $18,000 between July and mid-August.

According to the police, the victims either came across advertisements offering loans on social media platforms like Facebook, or received unsolicited text messages on applications like WhatsApp.

Once they expressed interest in taking a loan, they were sent a link to download an app, which turned out to be malicious and stole their personal data. The malware came in the form of an Android Package Kit file – the file format Android uses to distribute and install apps.

When installed, the malware was able to track the user’s location, obtain one-time passwords on SMSes, and access contact numbers, photos, videos, installed apps, and other documents.

After enticing victims into taking up loans with attractive interest rates, the scammers asked them to pay various “fees” to secure the loans.

“If victims refused to pay the fees or tried to cancel their loan application, the scammers would use the victim’s personal data collected by the malware to extort them into paying the fees,” said the police in a statement on Tuesday.

The scammers threatened to expose victims’ compromising photographs, for example, or harass people in their contact list.

Victims transferred money to the scammers out of fear.

Separately, the police and the Cyber Security Agency of Singapore (CSA) have issued a joint advisory to highlight the “increasingly sophisticated tactics” scammers use, to steal sensitive information from people’s Android devices.

Scammers may first use social engineering tactics to lure potential victims to install malicious apps on their Android devices. These tactics include attractive online offers or advertisements, and impersonating the victim’s friends, or government and banking officials.

Once the scammers have gained their victims’ trust, the victims will be told to download malicious apps, often through unofficial channels, and bypass security controls. Those who use iPhones may be directed to borrow a friend’s or family member’s Android device to “complete the order”. Victims would realise that they have been duped only when the scammers become uncontactable.

The police and CSA said that the openness of the Android operating platform – which allows for greater flexibility and customisation for developers and users – makes it an appealing platform for scammers.

“However, it is important to note that Android devices are not fundamentally less secure than other mobile operating systems, as scammers are unable to bypass Android’s security controls to install the malware unless users are deceived,” the joint statement said.

“Users of Android devices are advised to be aware of the potential risks and to follow the best practices to safeguard their devices.”

The police and CSA advised people to be sceptical of offers that are too good to be true, and verify these offers before sharing them to friends and family. People should also avoid installing unknown apps, to be wary of unusual payment requests, and to report suspicious content.

Those who suspect that they have been scammed should switch the device to flight mode immediately to cut off the scammers’ access to the device; run an anti-virus check to detect and remove any malware; check for any unauthorised transactions and inform the bank about the incident.

They should also report the incident to the police at a neighbourhood police post or online at https://eservices.police.gov.sg. Victims may also wish to report the incident to SingCERT at https://go.gov.sg/singcert-incident-reporting-form.

As a precaution, users can also do a factory reset of their phone and change important passwords.

The police also advised members of the public to install anti-virus apps to their phones from the official Play Store or App Store and update their device’s operating systems regularly, so they can be protected by the latest security patches.

They should also disable “install unknown app” or “unknown sources” in their phone settings, and not grant permission to persistent pop-ups that request for access to their device’s hardware or data.

For more information on scams, the public can visit scamalert.sg or call the anti-scam hotline on 1800-722-6688.

policeSCAMSMOBILE APPS