Over $10 Million Lost Due to Android Malware Scams in S’pore in the First Half of 2023


Android Users Lose Over S$10 Million to Scams in Over 750 Cases

In the constant battle between Apple and Android, they have always tried to outdo one another. 

Whether it is varying charging ports, new colours, or even adding extra cameras, Apple and Android phones will forever divide the populace. 

But perhaps one piece of news that could sway you in a particular direction (#notsponsored) is that there have been more than 750 cases of Android users falling prey to malware scams in just the first half of 2023.

Android users—maybe news of the iPhone 15 is a sign to switch camps?

Anyways, you can watch this video to know more about iPhone 15:

Including Over S$200K in CPF Across 11 Cases

Of the over 750 cases of scam victims, 11 involved the unauthorised withdrawal of Central Provident Fund (CPF) savings.

This amounted to at least S$218K in CPF savings.

However, the Singapore Police Force’s (SPF) Anti-Scam Command was able to recover approximately S$88K of said CPF savings.

This harrowing amount of money lost amid the rampant rise in scams and cybercrime prompted SPF and the Cyber Security Agency of Singapore (CSA) to put out a joint advisory.

There, they highlighted some tactics that scammers used, including:

Image: police.gov.sg
  1. Enticing Promotions – Use of eye-catching advertisements with attractive offers and promotions
  2. Inauthentic Behaviour and Bots – Use of bots to “exhibit human-like behaviour” to “enhance the illusion of legitimacy”, for example, responding to messages and leaving positive reviews for the goods and services they allegedly offer
  3. Building Trust – Using colloquialisms or Singlish to “create a false sense of familiarity”
  4. Social Engineering – Gathering personal information about victims using “seemingly perceptive questions, such as the victim’s address and dietary preferences”
  5. Deceptive Tactics – Like requesting a small deposit or issuing a “professional-looking invoice” to make transactions seem real
Image: police.gov.sg

Installation of Malicious Apps

Many of these fraudsters have also increasingly been deceiving people into installing malicious applications on their phones.


Through these apps, they can access their victim’s phones to steal sensitive information and/or perform fraudulent transactions.

In a press release on Wednesday, the SPF said that victims generally responded to service-related adverts like home cleaning and pet grooming on social media platforms.

These scammers would then send them a WhatsApp link for them to make payment and often required victims to download an Android operating system application.

Once these apps are downloaded, scammers can gather the victim’s internet banking credentials and/or card details to make unauthorised transactions.

Here’s a short video of how it works:

MAS and Banks Making Changes to Prevent this From Happening

The Monetary Authority of Singapore (MAS) is working closely with banks to “progressively introduce additional measures” to combat such malware scams.

Back in August, OCBC became the first bank in Singapore to block access to OCBC bank accounts if the mobile phone has other apps on it that are either:

  • Downloaded from websites and sources other than the official app stores
  • Have the ‘Accessibility’ permission turned on

This has prevented some users from losing money to scammers, but it has also drawn some negative feedback from others after apps like Alipay were among those flagged out by the new feature.

Image: ocbc.com

Some people even called out OCBC for using this feature to spy on them.

If you’d like a quick rundown of all of that, watch the video below to see why OCBC denies spying on people with its new security feature.


The police did say, however, that “while there may be some measure of added inconvenience for customers, these additional anti-malware measures are necessary to protect customers from malware-related scams.”

Better safe than sorry, y’all – you don’t want to add to the growing pool of S$10 million in lost money.

If you’re worried about the CPF side as well, back in June, additional authentication measures were also introduced to better protect CPF members, which includes facial verification.

Moral of the story?

Don’t tam chiak too hard for those too-good-to-be-true deals and stay vigilant to all those sus links.