In an island-wide anti-scam enforcement operation conducted between 26 and 30 June 2023, the Commercial Affairs Department (CAD) and Police Intelligence Department (PID) arrested 10 men and two women, aged between 19 and 35, and a 16-year-old youth, for their suspected involvement in the recent spate of banking-related malware scam cases. Another nine men and a woman, aged between 17 and 65, are assisting in the investigations.
Since January 2023, the Police have received increasing reports informing that malware was used to compromise Android mobile devices, resulting in unauthorised transactions made from the victims’ bank accounts even though they did not divulge their Internet banking credentials, One-Time-Passwords (OTPs) or Singpass credentials to anyone. In these cases, the victims responded to advertisements (e.g., on cleaning services, pet grooming, food items such as seafood and groceries, etc.) on social media platforms like Facebook and were later instructed by the scammers to download Android Package Kit (or APK) from non-official app-store to facilitate the purchase, leading to malware being installed on the victims’ mobile devices. The scammers then convince the victims via phone calls or text messages to turn on accessibility services on their Android phones. Doing so weakens the phones’ security and allows the scammer to take full control of the phones. This means that the scammers can log every keystroke and steal banking credentials stored in the phones and allows the scammer to remotely log in to the victims’ banking apps, add money mules as payees, raise payment limits and transfer monies out to money mules. The scammers can further delete SMS and email notifications of that bank transfer to cover their tracks.
During the five-day operation, officers from the CAD and PID mounted simultaneous island-wide operations and arrested the 13 persons. Preliminary investigations revealed that seven men and two women, aged between 19 and 27, and the 16-year-old youth, had allegedly facilitated the scam cases by relinquishing their bank accounts, Internet banking credentials and or disclosing Singpass credentials for monetary gains. The other three men, aged 20 and 35, are believed to have withdrawn money from some of the money mules’ bank accounts and handed the money to unknown persons.
Police investigations are ongoing. The offence of acquiring benefits from criminal conduct under Section 54(5)(a) of the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act 1992, carries an imprisonment of up to 10 years, a fine of up to $500,000, or both. For deceiving the banks into opening bank accounts that were not meant for their own use and relinquishing their bank account login details, they are liable under Section 417 read with Section 109 of the Penal Code 1871 and Section 3(1) of the Computer Misuse Act 1993 respectively. The offence of cheating under Section 417 of the Penal Code 1871 carries an imprisonment term of up to three years, or with a fine, or both, while the offence under Section 3(1) of the Computer Misuse Act 1993 carries a fine of up to $5,000, or an imprisonment term of up to two years, or both. For disclosing their Singpass credentials under Section 8 of the Computer Misuse Act 1993, they are liable to an imprisonment term not exceeding three years, a fine of up to $10,000, or both.
Advisory Against Downloading of Malicious Apps
The Police would like to remind members of the public that they should not click on suspicious links, scan unknown QR codes, or download mobile apps from third-party websites or unknown sources. These unverified apps may contain malware, which can severely compromise the security of mobile devices. Instead, members of the public are reminded to only download apps from official app stores. Before downloading any app, check the number of downloads and user reviews. Always be wary of any requests for banking credentials or money transfers and attractive offers that sound too good to be true. Lastly, members of the public are advised to turn on security settings, such as disallowing installation of apps from unknown sources, to help protect their devices.
The Police will spare no effort to track down cybercriminals responsible for banking-related malware incidents and will continue to take tough enforcement actions against those who flout the law. To avoid being an accomplice in these crimes, members of the public should always reject seemingly attractive money-making opportunities promising fast and easy pay-outs for the use of their Singpass accounts, bank accounts, or for allowing their personal bank accounts to be used to receive and transfer money for others. The Police would like to remind members of the public that individuals will be held accountable if they are found to be linked to such crimes.
For more information on scams, members of the public can visit www.scamalert.sg or call the Anti-Scam Helpline at 1800-722-6688. Anyone with information on such scams may call the Police Hotline at 1800-255-0000 or submit information online at www.police.gov.sg/iwitness. All information will be kept strictly confidential.
Persons arrested ▼
Case exhibits seized ▼
SINGAPORE POLICE FORCE
01 July 2023 @ 1:00 PM