Skip to main
  • EMERGENCIES

    999
  • EMERGENCY SMS

    70999
  • HOTLINE

    1800 255 0000
  • I-Witness

Police Advisory On Malware Scams Involving Phishing Links Sent Through Whatsapp

The Police would like to remind members of the public to remain vigilant against malware scams where victims would be sent phishing links through WhatsApp before being deceived into installing malicious applications in their devices.  Since December 2024, at least 82 malware scams have been reported, with total losses amounting to at least $625,000.

In this recent variant, victims would come across advertisements of travel and cleaning services on Facebook or TikTok and would leave their contact details to indicate their interest. Scammers would then contact victims through WhatsApp messaging and request for a $5 payment as a membership fee or an upfront deposit, to be made through a phishing link. After keying in their credit or debit card details, victims would then encounter payment issues.

Scammers would then deceive victims into downloading a malicious application in an Android Package Kit (APK) file format through WhatsApp to resolve the payment issues. The malware would allow scammers to remotely access victims’ devices to steal sensitive information such as SMS OTPs.  With the phished credit or debit card details and access to SMS OTPs, scammers would then perform subsequent unauthorised card transactions either from victims’ mobile device or their own.

In some cases, victims would also be guided to configure settings in their devices to disable Google Play Protect that helps to prevent harmful downloads. Once Google Play Protect is disabled, victims would not receive alerts when they unknowingly downloaded and installed malware into their mobile phones.

Members of the public are encouraged to adopt the following precautionary measures:

  1. ADD – Add the ScamShield application to block scam calls and SMSes. Add anti-virus applications and ensure that these applications are updated to scan for the latest malware. Visit www.csa.gov.sg for more information on the recommended list of anti-virus applications. Ensure that your devices’ operating systems and applications are updated regularly to be protected by the latest security patches. Ensure Google Play protect is enabled on your device and do not heed the scammer’s advice to disable it. Disable “Install Unknown App” or “Unknown Sources” in your phone settings and do not grant permission to persistent pop-ups that request for access to your device’s hardware or data.

  2. CHECK – Check for scam signs with official sources. You can check the legitimacy of suspicious messages, phone numbers and website links via the ScamShield application or visit the ScamShield website at www.scamshield.gov.sg. Only download and install applications from official app stores (eg. Google Play Store). Be wary if you are asked to download unknown applications.

  3. TELL – Tell the authorities, family, and friends about scams. Report and block suspected scam accounts/chat groups. Report any fraudulent transactions to your bank immediately.

If you have already downloaded and installed the application, or suspect that your phone is infected with malware, please take the following steps:

  1. Turn your phone to “flight mode”. Check that Wi-Fi is switched off and do not switch it on.
  2. Run an anti-virus scan on your phone.
  3. Check your bank account/Singpass/CPF etc. for any unauthorised transaction(s) using other device(s).
  4. If there are unauthorised transaction(s), report to the bank, relevant authorities, and lodge a Police report. Continue to keep your phone in “flight mode” and do not do a factory reset before reporting the incident to the Police as this could hinder investigations.
  5. After completing steps a-c, if you believe that your phone has not been infected with malware, you may resume usage of your phone. As a further precaution, you may consider doing a “factory reset” of your phone and changing important passwords. 

If you have any information relating to such crimes or if you are in doubt, please call the Police Hotline at 1800-255-0000, or submit it online at www.police.gov.sg/i-witness. All information will be kept strictly confidential. If you require urgent Police assistance, please dial ‘999’.

For more information on scams, members of the public can visit www.scamshield.gov.sg  or call the ScamShield Helpline at 1799. Fighting scams is a community effort. Together, we can ACT Against Scams to safeguard our community!

Annex A

Screenshots of WhatsApp Conversation and Phishing Website 


20250110_police_advisory_on_malware_scams_involving_phishing_links_sent_through_whatsapp_1

20250110_police_advisory_on_malware_scams_involving_phishing_links_sent_through_whatsapp_2


PUBLIC AFFAIRS DEPARTMENT
SINGAPORE POLICE FORCE
10 January 2025 @ 10:45 PM
Hover to toggle social media icons SHARE
Hover to toggle social media icons SHARE