S’pore Mooncake Scam Cost 27 Victims S$325K, Police Warn Against Clicking Suspicious ‘Payment’ Links

Police Warn Against New Scam Involving Online Mooncake Sales

At least 27 people have fallen prey to a new scam that involves mooncake sales, having lost a total of about S$325,000 in August.

These people have attempted to buy the festive pastry through Facebook and Instagram. The sellers would then direct them via WhatsApp to a link to make payment.

However, these links would contain malicious files that would help the scammers gain remote access to phones and personal data.

As such, the police are advising the public to stay vigilant and adopt precautionary measures, such as adding the ScamShield app and securing their mobile and Internet banking apps.

Mooncake scam payment links are actually malicious APK files

According to The Straits Times (ST), the police issued an advisory against the mooncake scam on Tuesday (5 Sep).

Source: Curated Kitchenware, for illustration purposes only.

Victims fall prey to this new scheme when trying to place orders for the pastry advertised on Facebook and Instagram.

The “sellers” would then direct them to a payment link via WhatsApp. However, these links directed the victims to download an Android Package Kit (APK) file that contains malware.

An APK file is an application for Android operating systems.

Malware allows scammers to steal personal data such as passwords & banking details

Another form of this scam involves the victims making payment first via PayNow or bank transfer.

Later, the “sellers” would inform them that their orders had been cancelled due to manpower or production issues.

They then directed victims to the malicious links to get their money back.

Scammers would gain remote access to the victim’s devices after they have installed the APK files.

This allows them to steal personal data such as passwords and banking credentials, leading to unauthorised transactions from victims’ accounts.

Police urges members of the public to take precautionary measures such as enabling two-factor authentication on banking apps

To protect yourself from similar scams, the police have advised the following precautionary measures:

  • Install the ScamShield app
  • Enable two- or multi-factor authentication for bank apps
  • Set transaction limits on Internet banking transactions
  • Ensure you have installed updated antivirus or anti-malware apps
  • Disable ‘Install Unknown App’ or ‘Unknown Sources’ in your phone settings.
  • Report any fraudulent or unauthorised transactions to your bank immediately, and inform the authorities, family, and friends.

Additionally, if you suspect malware has infected your device, you should:

  • Turn your phone to ‘flight mode’ or ‘airplane mode’
  • Check your bank, Singpass, Central Provident Fund (CPF) accounts for unauthorised transactions using other devices
  • Lodge a report with your bank, the police, and relevant authorities.

For more details about scams, visit the ScamAlert website, or call the anti-scam helpline at 1800-722-6688.

Also read: OCBC Adds Security Feature To Fight Malware Scams, Requires Users To Delete Sus Mobile Apps

OCBC Adds Security Feature To Fight Malware Scams, Requires Users To Delete Sus Mobile Apps

Have news you must share? Get in touch with us via email at news@mustsharenews.com.

Featured image adapted from Romix Image/Shutterstock via TastingTable, for illustration purposes only. 

  • More From Author