27 People Lost $325K in Mooncake Scams From Facebook Advertisements


The Mid-Autumn Festival is coming.

And do you know what else comes with the festival?


It’s a sad truth that festivals today are no longer accompanied by happiness and joy only; scams are along for the ride too.

And this Mid-Autumn is no different.

27 People Lost $325K in Mooncake Scams From Facebook Advertisements

According to the Singapore Police Force, mooncake scams have been on the rise in Singapore.

In August 2023 alone, at least 27 victims have been scammed out of $325,000 by mooncake sale scam on social media.

Image: Singapore Police Force

The scams start with users contacting these “sellers” on social media platforms to place their orders.

The victims will then be directed to WhatsApp where the scammer will send a payment link.

Unknown to the victims, however, the link will lead them to download an Android Package Kit (APK) for a malware-ridden application.

Once the application is installed, it’s game over for the victims. The scammers now have remote access to their devices, giving them access to banking credentials and passwords.


The victims would then discovered unauthorised banking transactions later, when it’s too late.

Don’t Let Down Your Guard

Don’t memorise the steps above because there will definitely be variations. Scammers getting smart nowadays.

Some of the victims were not directed to download an app to make payment.

Instead, they were first directed to make a bank or PayNow transaction.

Then, they were told that their orders could not be fulfilled for some reason, and asked them to download the app for a refund.

The key thing to remember, instead, is to never download third-party applications from unknown sources.

And that if something is too good to be true, it probably is.

Some Ways to Stay Safe

As mentioned, never download third-party applications (aka sideloaded apps) from unknown sources, especially if it’s for a transaction for a product or service.

You can also download and install the Scamshield app and enable 2FA or multifactor authentication on your banking apps.

It also doesn’t hurt to limit the amount on your banking transactions.


Other tips provided by the SPF includes:

  • Have the latest antivirus/anti-malware
  • Disable “Install Unknown App” or “Unknown Sources” setting on the phone

And should you remotely suspect that your phone is already infected by malware, turn on the “Airplane mode” and run your antivirus and anti-malware scan.

But at least now we know why OCBC has “declared war” against sideloaded apps recently, no?

You can watch the video below to find out more: