We would like to draw the public’s attention to the police advisory on the emergence of scams involving malware that infects android devices to siphon out funds from CPF accounts and bank accounts on 17 June 2023 and the police news release on nine arrested for suspected involvement in banking-related phishing scam cases involving malware on 24 June 2023. Please refer to Annex A (PDF, 0.2MB) and Annex B (PDF, 0.5MB) for Police’s earlier press releases.
There have been more than 700 reports of malware-related scams between January and June 2023. Losses in these cases amounted to about $8 million, and so far (investigations are still ongoing), we have found that eight of the malware scams involved CPF savings, with an aggregate net loss of $124,000.
In such malware scams, the victim uses his Android phone to click on a Facebook or other social media advertisement selling an item at a steep discount and receives a link to download an Android Package Kit (or APK) from a non-official app-store to facilitate the purchase. Upon downloading the APK, a malware is installed on the phone. The scammer then convinces the victim via a phone call or text message to turn on accessibility services on his Android phone. Doing so weakens the security of the phone and allows the scammer to take full control of the phone. This means that the scammer can log every keystroke and steal banking credentials stored in the phone. This allows the scammer to remotely log in to the victim’s banking apps, add money mules as payees, raise payment limits and transfer monies out to money mules. The scammer can further delete SMS and email notifications of that bank transfer to cover his tracks. Additionally, the scammer may log in to the victim’s CPF account through Singpass to make a withdrawal. Although CPF withdrawals can only be paid to a bank account verified to belong to the CPF member, the scammer can subsequently transfer the money out from that bank account using stolen banking credentials from the phone.
The public can “ACT”1 against scams and take the following actions to protect themselves:
a) Only download applications from official app stores2 to avoid malware being installed, especially for android users;
b) Exercise the greatest of caution when turning on the phone’s accessibility3 services or allowing access as doing so will weaken the security of the phone;
c) Always expeditiously update the mobile phone with the latest security patches.
For more information, visit www.scamalert.sg or call the Anti-Scam Helpline at 1800-722-6688.
As a further precaution, CPF Board and GovTech had urgently introduced the Singpass Face Verification (SFV) during the login to protect vulnerable CPF members who access CPF e-services. While this may make it less convenient for members to access CPF online services, we seek CPF members’ understanding that it might be better to be safe than sorry. Members with enquiries on SFV can visit www.go.gov.sg/singpass-faq, visit any Singpass counter islandwide (www.go.gov.sg/singpass-counters) or contact Singpass helpdesk at +65 6335 3533 between 9am and 6pm.
The Police will spare no effort to track down the cybercriminals who are responsible for the banking-related malware incidents and will continue to take tough enforcement actions against those who flout the law. To avoid being an accomplice in these crimes, members of the public should always reject seemingly attractive money-making opportunities promising fast and easy pay-outs for the use of their Singpass accounts, bank accounts, or for allowing their personal bank accounts to be used to receive and transfer money for others. Individuals will be held accountable if these activities are found to be linked to such crimes.
1 Information on the Add, Check, Tell (ACT) framework can be found at para 6 of Annex A (PDF, 0.2MB).
2 Examples include Google Play Store and Apple Store
3 The Cyber Security Agency of Singapore (CSA) and the Singapore Police Force (SPF) had issued a joint advisory on the importance of reviewing permissions for applications in Android devices. For more information, please visit www.csa.gov.sg/alerts-advisories/Advisories/2023/ad-2023-011.