Banking-related malware scams: 16 year old among 13 arrested for suspected involvement

SINGAPORE — In a five-day islandwide operation late last month, the Singapore Police Force (SPF) have arrested 13 individuals for suspected involvement in banking-related malware scam cases, including a 16-year-old teenager.

Besides the 16-year-old, officers from the Commercial Affairs Department (CAD) and Police Intelligence Department (PID) arrested 10 men and two women, aged between 19 and 35. Another nine men and a woman, aged between 17 and 65, are assisting in the investigations.

Preliminary investigations revealed that seven men and two women, aged between 19 and 27, and the 16-year-old youth, had allegedly facilitated the scam cases by relinquishing their bank accounts, Internet banking credentials and/or disclosed their Singpass credentials for monetary gains.

The other three men, aged 20 and 35, are believed to have withdrawn money from some of the money mules' bank accounts and handed the money to unknown persons.

SPF did not reveal how much the victims had lost in total.

How victims were scammed

In a statement released on Saturday (1 July), SPF revealed that since January 2023, they have received increasing reports that malware was used to compromise Android mobile devices, resulting in unauthorised transactions made from the victims' bank accounts even though they did not divulge their Internet banking credentials, One-Time-Passwords (OTP) or Singpass credentials to anyone.

The victims in these cases responded to advertisements such as cleaning services, pet grooming, food items such as seafood and groceries on social media platforms and were later instructed by the scammers to download an Android Package Kit (APK) from non-official app-store platforms to facilitate the purchase, leading to malware being installed on the victims' mobile devices.

The victims were then convinced by the scammers through phone calls or text messages to turn on accessibility services on their Android phones, resulting in the phones' security being weakened and allowing the scammer to take full control of their phones.

The scammers can then log every keystroke, steal banking credentials stored in the phones, and remotely log in to banking apps to add money mules as payees, raise payment limits and transfer money out to money mules. SPF also noted that the scammers can further delete text messages and email notifications of the specific bank transfer to cover their tracks.

• Also read: Online home rental scams in Singapore increased by over 400 per cent in 2022

• Also read: Facebook Marketplace, Carousell ranked lowest in anti-scam rating

• Also read: OCBC phishing scam: Only 9 out of 120 money mules charged

Punishment for offences

The offence of acquiring benefits from criminal conduct under Section 54(5)(a) of the Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act 1992 carries an imprisonment of up to 10 years, a fine of up to S$500,000, or both.

For deceiving the banks into opening bank accounts that were not meant for their own use and relinquishing their bank account login details, they are liable under Section 417 read with Section 109 of the Penal Code 1871 and Section 3(1) of the Computer Misuse Act 1993 respectively.

The offence of cheating under Section 417 of the Penal Code 1871 carries an imprisonment term of up to three years, or with a fine, or both, while the offence under Section 3(1) of the Computer Misuse Act 1993 carries a fine of up to S$5,000, or an imprisonment term of up to two years, or both.

For disclosing their Singpass credentials under Section 8 of the Computer Misuse Act 1993, they are liable to an imprisonment term not exceeding three years, a fine of up to S$10,000, or both.

SPF reminded the public to be wary of clicking on suspicious links, scanning unknown QR codes, or downloading mobile apps from third-party websites or unknown sources. Members of the public should only download apps from official app stores and always check the number of downloads and user reviews.

For more information on scams, members of the public can visit www.scamalert.sg or call the Anti-Scam Helpline at 1800-722-6688. Anyone with information on such scams may call the Police Hotline at 1800-255-0000 or submit information online at www.police.gov.sg/iwitness.

Follow us on Facebook, Instagram, TikTok and Twitter.