15-year-olds among 13 arrested for alleged involvement in banking-related malware scams
TWO 15-year-olds were among the 13 people arrested for their suspected involvement in banking-related malware scams targeting Android users.
The two were apprehended alongside seven men and four women, aged 17 to 25, during an islandwide anti-scam enforcement operation conducted between Aug 14 and 25, said the police on Saturday (Aug 26).
Preliminary investigations showed that the 13 people had allegedly facilitated the con by relinquishing their bank accounts, Internet banking credentials or disclosing their Singpass credentials for monetary gains.
Another two women – aged 29 and 39 – and another 15-year-old teenager are assisting with investigations, which are ongoing.
The police highlighted that cases of malware being used to compromise Android mobile devices have been on the rise since January.
The installed malware has resulted in unauthorised transactions made from the victims’ bank accounts, even though they did not divulge their Internet banking credentials, one-time-passwords or Singpass credentials.
BT in your inbox
Start and end each day with the latest news stories and analyses delivered straight to your inbox.
In such instances, the victims had responded to advertisements such as pet grooming services on social media platforms, which include Facebook. They were later instructed by the scammers to download an Android Package Kit from an unofficial app store to facilitate the purchases, leading to malware being installed on their mobile devices.
The scammers then persuaded the victims via phone calls or text messages to turn on accessibility services on their Android phones.
This weakens the phone’s security features, allowing the swindlers to take full control of the phone. For instance, they would be able to log every keystroke and steal banking credentials stored in the phone, as well as log in to the victims’ banking apps, add money mules as payees, raise payment limits, and transfer monies out to money mules.
The scammers can further delete text and e-mail notifications of the bank transfers to cover their tracks.
The police advised members of the public to avoid clicking on suspicious links, scanning unknown QR codes or downloading mobile apps from third-party websites or unknown sources. “These unverified apps may contain malware, which can severely compromise the security of mobile devices.”
“Instead, members of the public are reminded to only download apps from official app stores, and to check the number of downloads and user reviews before downloading any apps,” they said.
“Always be wary of any requests for Singpass and banking credentials or money transfers and attractive offers that sound too good to be true.”
Members of the public are also reminded to turn on security settings, such as disallowing the installation of apps from unknown sources, to help protect their devices, added the police.
Those convicted of acquiring benefits from criminal conduct may be jailed up to 10 years, fined up to S$500,000, or both.
For deceiving banks into opening bank accounts that are not meant for their own use and relinquishing bank account log-in details, offenders may be liable to a three-year jail term, a fine, or both under the Penal Code. They may also face a fine of up to S$5,000 or a jail term of two years under the Computer Misuse Act, or both.
For disclosing their Singpass credentials, offenders may be jailed up to three years, fined up to S$10,000, or both.
Copyright SPH Media. All rights reserved.
