16-Year-Old & 9 Others Arrested Over Malware Scams That Emptied Victims’ Bank Accounts

10 Arrested By Police For Allegedly Allowing Credentials To Be Used In Android Mobile Malware Scams

This year, there have been multiple reports of people whose bank accounts were emptied after clicking on social media ads and downloading fake apps.

In response, the Singapore Police Force (SPF) has taken action and conducted raids across the island.

A total of 10 people have been arrested so far in connection with these malware scams — the youngest of whom is just 16 years old.

Police conducted raids from 31 July to 11 Aug

In a media release on Saturday (12 Aug), SPF said they conducted an islandwide anti-scam enforcement operation from 31 July to 11 Aug.

Officers from the Commercial Affairs Department (CAD) and Police Intelligence Department (PID) arrested 10 people during these two weeks.

Nine of them were men aged between 18 and 43. The last person was 16 years old.

Six other people — three men and three women — are assisting in investigations. They are between 17 and 60 years old.

10 arrested suspected of involvement in malware scams

The 10 people arrested are suspected of being involved in the recent spate of banking-related malware scam cases, SPF said.

Specifically, they allegedly relinquished their bank accounts and Internet banking credentials and/or disclosed their SingPass credentials.

They allegedly did these in exchange for receiving money, therein facilitating the scams, the police added.

This was revealed in preliminary investigations by the police. Further investigations are ongoing.

Malware scams start when victims respond to social media ads

SPF has been receiving an increasing number of reports on malware scams since January this year, they said.

The victims, all of whom own Android mobile phones, would’ve responded to ads on social media platforms like Facebook.

The ads can be for anything from cleaning services and pet grooming to food items.

Source: Shin Min Daily News on Facebook

They would then be asked to download Android Package Kit (APK) files from app stores that are unofficial.

This would result in malware being installed on their mobile phones.

Additionally, the scammers would convince the victims to turn on accessibility services on their Android phones that allow them to take full control of them.

The scammers would soon be able to remotely log in to victims’ banking apps and transfer cash out from their accounts. To cover their tracks, scammers can even delete SMS and email notifications from the bank.

Victims reported unauthorised transactions from their bank accounts, despite them not revealing their Internet banking credentials, One-Time-Passwords (OTPs) or Singpass credentials.

Victims lose thousands in malware scams

For example, two victims lost S$99,800 of their Central Provident Funds savings after seeing ads for seafood on social media and trying to make a purchase. They were directed to download an APK file that contained malware.

Victims Lose Nearly S$100K Of CPF Savings After Trying To Buy Seafood On Social Media

In January, a 70-year-old man lost close to S$71,000 in just two hours after downloading a fake Google Play app that had malware.

70-Year-Old S’pore Man Loses S$71K From Downloading Fake Google Play App, Warns Others

In July, a woman lost S$28,000 after she installed an app containing malware after clicking on an ad on Facebook.

Single Mum In S’pore Loses S$28,000 After Clicking On Facebook Ad, Account Left With S$4

Up to 10 years’ jail for offenders

The suspects arrested in the latest raids may face charges relating to one or more of the following offences:

  1. Acquiring benefits from criminal conduct (Section 54(5)(a) of the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act 1992)
  2. Deceiving banks into opening bank accounts that were not meant for their own use (Section 417 read with Section 109 of the Penal Code 1871)
  3. Relinquishing their bank account login details (Section 3(1) of the Computer Misuse Act 1993)
  4. Disclosing their Singpass credentials (Section 8 of the Computer Misuse Act 1993)

If charged and convicted of (1), they face a jail term of up to 10 years and/or a fine of up to S$500,000.

For (2), offenders face jail of up to three years and/or a fine.

Those found guilty of (3) may get a jail term of up to two years and/or a fine of up to S$5,000.

Finally, convictions based on (4) may be sentenced to prison for not more than three years and/or a fine of up to S$10,000.

Let’s hope the raids and possible punishments meted out will discourage more people from abetting scammers and make the online world safer for Singaporeans.

Have news you must share? Get in touch with us via email at news@mustsharenews.com.

Featured image adapted from Singapore Police Force.

  • More From Author