Malware Scam Costs Woman $76K in Mooncake Sales; Seeks Refund from DBS
If there are two things that Singaporeans cannot resist this Mid-Autumn season, one would be fragrant snow skin mooncakes and the other would be sweet Mao Shan Wang durians.
Unfortunately, a 51-year-old woman’s quest to find the perfect combination of the two ended in tragedy. After chancing upon a too-good-to-be-true Facebook advert for Mao Shan Wang-flavoured mooncakes, the woman would soon find herself a victim of an online scam that has terrorised more than 27 others.
A 51-year-old Administrative Executive Was Asked to Download A Third-Party App Containing Malware on Her Phone
In an interview with Shin Min Daily News, the woman, who wished to be addressed as Ms Lee, chanced upon a Facebook advertisement from a (fake) bakery called “Sunshine Cake House” on 14 September.
Ms Lee found herself enticed by the offer listed in the advertisement, in which eight boxes of bunny-shaped snow skin mooncakes (with Mao Shan Wang durian filling) were sold at a discounted price of $29.90 from the originally listed $56.90.
As any Singaporean faced with such a good deal would do, Ms Lee decided to purchase two boxes for herself to try out.
After messaging the seller on Facebook, Ms Lee was then added to a WhatsApp chat with a person who posed as a “delivery man”. She was then instructed to download a third-party Android app and was asked to fill in her address and to pay a one-dollar deposit via PayNow to confirm her order.
Being wary of similar scams going around, Ms Lee pretended to not have PayNow and requested the “delivery man” to pay the deposit for her in her stead.
Later, after having difficulties logging in to the mobile banking app on my phone, she deleted the third party application.
Even though she did not notify the “delivery man” about the deletion, he immediately called to tell her that her order had been cancelled, pressing her to download the deleted app again.
Ms Lee finally gave in to his demands, apparently “because he was very courteous.”
The “delivery man” kept texting her about that delivery all day, continually delaying the order’s completion until the last message at around 11 o’clock when she went to bed.
While Ms Lee had checked her bank account at 10pm the same night to find no strange transactions, she woke up the next day to find that her phone had been compromised and was no longer able to access her account.
After hurriedly rushing to the nearest ATM to investigate what happened, she found that a total of $76,538 in her account had been mysteriously withdrawn over four different transactions.
The Woman Had Been Saving Up For a BTO Flat
Despite her best efforts to protect herself from being the victim of a scam, the money that Ms Lee had been painstakingly saving for the down payment and renovation of a new Build-to-Order Flat was lost.
To add salt to the wound, the “delivery man” had apparently texted her that morning about purchasing more mooncakes.
As Ms Lee’s phone had been compromised, she was unable to make any calls and had to plead with several passers-by to use their phones just to call the bank. Immediately after, she lodged a police report.
The authorities have since confirmed that a police report has been filed and investigations are currently ongoing.
Questions Why the Bank Did Not Call Her About Any Strange Transactions
It is safe to say that Ms Lee was certainly enraged by the whole ordeal. Hoping to recover her stolen savings from DBS, she questioned how there were no notifications made to her about the “unusual” transactions happening to her bank account.
In her interview with Shin Min Daily News, Ms Lee acknowledges that she made the mistake of downloading the third-party app that contained malware, she also felt that DBS should have taken responsibility for calling her to notify her of any strange activity made to her account.
Similar Mooncake-Buying Malware Scam Has Affected More than 27 Victims
As it turns out, Ms Lee is not the only victim of this mooncake-buying fiasco. In fact, more than 27 people have fallen victim to this scam in August alone.
In these malware scams, “sellers” direct victims to a WhatsApp chat with texts containing links to “facilitate” their purchase. Upon clicking the links, an Android Package Kit (APK) file containing malware would be downloaded into the victim’s phone.
The scammers would then obtain access to the victims’ devices, letting them steal passwords and retrieve banking credentials to syphon money from their bank accounts.
The police have since advised the public to ensure their devices have updated anti-malware applications installed and to disable “Install Unknown App” or “Unknown Sources” in their phone settings, alongside other measures like downloading the Scamshield app or enabling two-factor authentication for online banking transactions.
If individuals suspect that their phone is infected with malware, they should turn their phone to “flight mode”, run an antivirus scan on their phone, check their bank, Singpass and Central Provident Fund accounts for any unauthorised transactions using other devices, report it to the bank and relevant authorities, and lodge a police report.
To know more about this scam, watch this to the end:
Here’s a simplified summary of the South Korea martial law that even a 5-year-old would understand:
Read Also:
- Salon Allegedly Charged $880 Treatment Package to Elderly Who Has Hearing Difficulties
- Man Replaces M’sia-Registered Car With a S’pore Plate & Drives It Without a Driving Licence
- Confirmed: Allianz Withdraws Its Offer to Buy Income Insurance
- 10th Floor Resident Leaves Baby Stroller On Air Conditioner Compressor
- $400 Worth of Durians Delivered to Customer; Customer Allegedly Takes Durians Without Making Payment
- Woman Borrows Touch ‘N Go Card From S’pore Driver to Cross JB Checkpoint & Didn’t Return Card
Advertisements