In September, Singapore experienced a surge in fraudulent activities
involving counterfeit travel packages promoted on social media
platforms, resulting in losses exceeding S$1.2 million (US$877,000).
At least 43 people were affected by these scams, which targeted users
on platforms like Facebook and Instagram, according to a statement by
the Singapore Police Force released on 5 October.
How the scam works
The fraudulent travel packages encompass cruises, tours, concerts, and unique durian tours.
The scammers operate by posting enticing ads for a variety of travel
packages, including cruises, tours, concerts, and even durian tours.
Once users express interest in these offers, the scammers move the
conversation to WhatsApp, where they instruct victims to download an
Android Package Kit (APK) file to make payment.
APK files are installation files used for Android apps. However,
these particular APK files contain malware. When victims install them,
the malware allows scammers to remotely access their devices, giving
them the ability to steal sensitive information like banking credentials
and passwords.
In some cases, victims are tricked into entering their internet
banking login details through a fake banking website within the
malicious app. They might also be instructed to make payments using
PayNow or bank transfers for booking fees. As a result, unauthorised
transactions are made from their bank accounts, leaving victims in
financial distress.
What to do
Such scams are widespread and can target anyone. Instructing the
public to refrain from downloading apps from untrustworthy or suspicious
origins, The Singapore Police Force is urging individuals to take the
following recommended steps:
Protection from scams
- Install Security Apps and keep them updated.
- Regularly update the device's operating system and apps for security.
- Disable app installations from "unknown sources" and deny hardware or data access to pop-ups.
- Only download apps from official stores like Google Play.
- Check developer info, downloads, and user reviews before downloading an app.
If compromise is suspected
- Turn on "flight mode" and disable Wi-Fi.
- Run an antivirus scan to remove malware.
- Check for unauthorised transactions.
- Consider a factory reset and password change as an extra precaution.