The Singapore Police Force (SPF) and Cyber Security Agency of Singapore (CSA) would like to remind members of the public of the prevalence of malware scams affecting Android users, and provide advice on what to do if you fall victim. These scammers deceive users into installing malicious apps on their Android devices, which allows them to remotely access the victims’ devices and steal sensitive information, including personal data and banking credentials, to perform fraudulent monetary transactions.
SPF and CSA continue to observe a common set of tactics that scammers employ for malware scams perpetrated through social media platforms and e-commerce websites. The diagram in Annex A illustrates the typical attack stages of such scams.
Social Engineering Tactics Employed by Scammers on Social Media Platforms and E-Commerce Websites
During the “Delivery” phase as illustrated in Annex A, scammers have been observed to employ various social engineering tactics on social media platforms and e-commerce websites through the use of fraudulent advertisements (cleaning services, food products etc.), messages from fake friends, bank or government officials, and spoofed pop-up alerts to trick victims into installing a malicious application on their Android devices:
- Enticing Promotions: Scammers often attempt to lure users with attractive offers and promotions, through eye-catching advertisements or under the pretext of joining, or voting in fake campaigns allegedly organised by local brands on various social media platforms.
- Inauthentic Behaviour and Bots: To perpetuate the illusion of legitimacy, scammers may deploy bots or fake accounts that exhibit human-like behaviour. These automated accounts may respond to messages, leave positive reviews and even share seemingly genuine experiences from using the goods or services.
- Building Trust: Scammers often try to build genuine trust with the victims via phone calls or text messages. They may use local colloquialisms or Singlish, speak with a local accent or sound professional. These serve to create a false sense of familiarity, which may lower the victims’ vigilance and lead to misplaced trust.
- Social Engineering: Scammers may use social engineering techniques to gather information about the victims. They may ask seemingly perceptive questions, such as the victims’ address and dietary preferences, under the guise of processing their orders. Scammers may also gather personal information belonging to the victims that can later be exploited.
- Deceptive Tactics: Scammers may employ other tactics to deceive victims, such as requesting a small deposit or issuing a professional-looking invoice to enhance the appearance of legitimacy and make the transactions seem genuine.
After successfully gaining their trust of their victims, scammers may direct the victims to download a specific app, usually from unofficial sources (not the official app stores), to finalise the orders. They may also provide instructions on how to install the app (Refer to Annex B), including how to bypass default Android security controls, such as turning off Google Play Protect that blocks the downloading of high risk apps (Refer to Annex C). Some fake apps often have interfaces that are professional looking or resemble legitimate services, giving victims a further false sense of security. Members of the public are reminded to always keep Google Play Protect enabled on their Android devices and to never disable it.
Scammers may also call victims who are hesitant about installing the fake app to further pressure them. If the victims use an iPhone, the scammers may recommend that the victims borrow an Android phone to "complete the order". Victims would only realise that they have been scammed when the scammers become uncontactable.
Why Android Devices May Be More Prone to Malware Infections
Android's open nature allows for greater flexibility and customisation for developers and users, but it also makes it easier for scammers to develop and distribute malicious apps. Users can download and install (sideloaded) apps from sources other than the official Google Play Store, which, combined with the large number of Android users, makes Android a more appealing platform for scammers.
However, it is important to note that Android devices are not fundamentally less secure than other mobile operating systems. Scammers are now unable to bypass Android’s security controls to install the malware with the new enhanced fraud protection security feature for Android users through Google Play Protect unless users are deceived into turning off this feature. Users of Android devices are advised to be aware of the potential risks and to follow the best practices to safeguard their devices.
Safety Tips for Online Offers
SPF and CSA would like to advise members of the public to adopt the following precautionary measures:
- Be Sceptical — Stay Safe and Not Sorry: If the price is too good to be true, it probably is. Stay sceptical and verify the legitimacy of the offer with the company via official sources. Consult your family, friends, or colleagues if you remain unsure.
- Avoid Installing Unknown Apps: Refrain from downloading apps from third-party websites outside official app stores like Google Play Store and Apple App Store, including arbitrary file hosting services. Malicious apps will usually request for unnecessary permissions, such as “Accessibility Services”, that are unrelated to their intended functionalities. Review app permissions carefully during installation and reject any suspicious requests.
- Be Wary of Unusual Payment Requests: Be cautious if the offers require you to use unconventional payment methods, such as bank transfers, gift cards or cryptocurrency. These methods are often favoured by scammers because they are difficult to trace and reverse.
- Report Suspicious Content: If you come across an offer that seems suspicious or potentially harmful, report it to the social media platform to help protect others from falling victim to scams.
- Share with Care: Always verify the legitimacy of the offer before sharing with your family, friends, and colleagues. If in doubt, avoid sharing it or enlist their assistance in helping you verify the legitimacy.
What to Do if You Fall Victim
If you suspect that you, or someone you know have fallen victim to a similar scam, do take the following steps:
- Switch your Device to Flight Mode: If you suspect your device has been infected by malware, switch your device to the “flight mode” and turn off your Wi-Fi connection immediately to disconnect from the Internet. This will prevent the scammers from further accessing your device remotely.
- Check For Unauthorised Transactions: If there are unauthorised transactions detected in your bank account(s) and/or Singpass account, contact your bank and inform them of the incident. Your bank should be able to freeze your bank account as a precautionary measure until investigations are complete. Continue to keep your phone in “flight mode” and ensure that Wi-Fi remains turned off at all times.
- Report the Incident: Further to informing your bank, report the incident to the relevant authorities and lodge a police report at any Neighbourhood Police Post or online at https://eservices1.police.gov.sg. You are advised not to do a factory reset before reporting the incident to the police as this could hinder investigations. You may also wish to report the incident to SingCERT at https://go.gov.sg/singcert-incident-reporting-form.
If No Malware or Loss was Detected
After completing steps a) to c), if you believe that your phone has not been infected with malware, you may resume usage of your device by booting your device in safe mode to disable third-party apps temporarily, uninstall any suspicious apps, and install mobile security software from a trusted source to scan for remaining malware. As a further precaution and if you are not submitting your device to the authorities for further investigations, you may also consider doing a “factory reset” of your device and changing important passwords.
If you have any information relating to such crimes or if you are in doubt, please call the Police Hotline at 1800-255-0000, or submit it online at www.police.gov.sg/i-witness. All information will be kept strictly confidential. If you require urgent Police assistance, please dial ‘999’. For more information on scams, members of the public can visit www.scamshield.gov.sg or call the ScamShield Helpline at 1799.
The rise in online scams requires vigilance and awareness to protect yourself from falling victim to cybercriminals. Stay informed, stay alert, and share this advisory with your family, friends, and colleagues. Together, we can raise awareness about the threats we face and foster a collective effort in combating ever-evolving malware scams.
Annex A
Attack Stages of Malware Scams▼
Annex B
Installation of Malicious App▼
Annex C
Disabling Google Play Protect▼
Source: www.airdroid.com
SINGAPORE POLICE FORCE
06 November 2024 @ 6:00 PM