Skip to main
The Singapore Police Force is conducting a public perception survey between 7 June 2024 and 6 September 2024. Click here for more information.

The Singapore Police Force is conducting a public perception survey between 7 June 2024 and 6 September 2024. Click here for more information.

Share Your Views @ Reach Report Vulnerability Privacy Statement Terms of Use Sitemap
    Toggle notifications

    • EMERGENCIES

      999

    • EMERGENCY SMS

      71999

    • HOTLINE

      1800 255 0000

    • I-Witness

    Police Advisory On Malware Spreading Through Advertisements Involving Travel Packages

    The Police have observed a variant of malware scam where victims would respond to advertisements relating to the sale of travel packages on social media platforms such as Facebook and Instagram. In September 2023, at least 43 victims have fallen prey, with total losses amounting to at least $1.2 million.

    In this scam variant, victims would come across advertisements (refer to Annex A for screenshots of such advertisements) on Facebook or Instagram promoting cruises, tour packages, concert tours and durian tours. The “sellers” would then engage victims on WhatsApp and subsequently be directed to download an Android Package Kit (APK) over WhatsApp or be directed to malicious links to download the APK to pay booking fees. The APK is an application (app) created for Android’s operating system, that contains malware. After downloading and installing the APK file (which includes granting the app accessibility services), the scammers will be able to access the victim’s device remotely to steal the victim’s banking credentials and passwords. Victims may also be instructed to input their internet banking login details into a fake banking window within the app or be asked to make PayNow/bank transfers for the booking fees. Subsequently, victims would then discover unauthorised transactions from their banking accounts.

    The Police would like to remind members of the public of the danger of downloading apps from third-party or dubious sites. Members of the public are advised to adopt the following precautionary measures:

    ADD – ScamShield to protect yourselves from scam calls and SMSes. Add anti-virus applications and ensure that these apps are updated to scan for the latest malware. Also ensure your devices’ operating systems and applications are updated regularly to be protected by the latest security patches. Please refer to Annex B for the list of recommended anti-virus apps. Disable “Install Unknown App” or “Unknown Sources” in your phone settings and do not grant permission to persistent pop-ups that request for access to your device’s hardware or data.

    CHECK - For scam signs with official sources (e.g. ScamShield WhatsApp bot @ https://go.gov.sg/scamshield-bot, call the Anti-Scam Helpline on 1800-722-6688, or visit www.scamalert.sg). Only download and install applications from official app stores (i.e., Google Play Store for Android). Be wary if asked to download unknown apps in order to purchase items or services on social media platforms. Check the developer information on the app listing as well as the number of downloads and user reviews to ensure it is reputable and legitimate.

    TELL - Authorities, family, and friends about scams. Report the suspicious content or advertisement to Facebook and Instagram. Initiate in-app blocking by reporting the number linked to the advertisement to WhatsApp. Lastly, report any fraudulent transactions to your bank immediately!

    If you have already downloaded and installed the app (which includes granting the app accessibility services) or suspect that your phone is infected with malware, please take the following steps:

    1. Turn your phone to “flight mode”. Check that Wi-Fi is switched off and do not switch it on.

    2. Run an anti-virus scan on your phone.

    3. Check your bank account/Singpass/CPF etc for any unauthorised transaction(s) using other device(s).

    4. If there are unauthorised transaction(s), report to the bank, relevant authorities, and lodge a Police report.

    5. After completing steps a-c, if you believe that your phone has not been infected with malware, you may resume usage of your phone. As a further precaution, you may consider doing a “factory reset” of your phone and changing important passwords.

    If you have any information relating to such crimes or if you are in doubt, please call the Police Hotline at 1800-255-0000, or submit it online at www.police.gov.sg/iwitness. All information will be kept strictly confidential. If you require urgent Police assistance, please dial ‘999’.

    For more information on scams, members of the public can visit www.scamalert.sg or call the Anti-Scam Helpline at 1800-722-6688. Fighting scams is a community effort. Together, we can ACT Against Scams to safeguard our community!

    Annex A

    Screenshots of the fraudulent Facebook advertisement 
    20231005_police_advisory_on_malware_spreading_through_advertisements_of_travel_packages_1

    20231005_police_advisory_on_malware_spreading_through_advertisements_of_travel_packages_2

    20231005_police_advisory_on_malware_spreading_through_advertisements_of_travel_packages_3
     
    Annex B

    List of recommended anti-virus apps by CSA 

    20231005_police_advisory_on_malware_spreading_through_advertisements_of_travel_packages_4

     


    PUBLIC AFFAIRS DEPARTMENT
    SINGAPORE POLICE FORCE
    05 October 2023 @ 9:45 PM
    Hover to toggle social media icons SHARE
    Hover to toggle social media icons SHARE