Buying mooncakes online? Beware of this scam that made victims lose $325k in a month
With the Mid-Autumn Festival around the corner, some people have started buying mooncakes.
Beware of this scam if you're looking to buy the sweet treats online, the police warned in a news release on Tuesday (Sept 5).
According to the police, at least 27 victims were scammed out of $325,000 in August alone by fake mooncake sellers on social media.
Lured by advertisements on Facebook and Instagram, the victims would contact the "sellers" directly via social messaging platforms to place their orders.
Through WhatsApp messages, the victims were told to use a link to make payment, which directed them to download an Android Package Kit (APK) file containing malware.
In other cases, victims were first instructed to make payment via PayNow or bank transfers.
They were later told by the "sellers" that their orders had to be cancelled due to production or manpower issues. To get refunds, the victims had to download the APK file.
Once the APK file is installed on their mobile phones, scammers will be able to access the victims' devices remotely to steal passwords while the malware's keylogging capabilities will enable scammers to retrieve the victims' banking credentials.
Victims of the mooncake scam noticed unauthorised transactions from their banking accounts, the police said.
One such victim, Catherine Yip, took to Complaint Singapore Facebook page on Tuesday to share how she got scammed by one of the fake mooncake sellers named Duria Singapore.
According to Yip, a 'Lily' from Duria Singapore called and told her that staff at the factory caught Covid and the premises had to be closed for a month to facilitate disinfection.
When Yip asked for a refund, 'Lily' asked her to download the APK file. Since it was a file for phones with Android operating syste, Yip said: "I'm an iPhone user so it couldn't be done."
"Then, she said she was going to check for me. But in the next second, she deleted all the messages sent and blocked me. She even blocked me on Facebook Messenger," Yip wrote.
AsiaOne did a quick check online and found that Duria Singapore's Facebook page is no longer available.
How to keep yourself safe from such scams
The police also encouraged members of the public to adopt the following precautionary measures:
- Download the ScamShield app which filters scam messages and calls from numbers used in illegal activities
- Install updated anti-virus/anti-malware apps
- Disable "Install Unknown App" or "Unknown Sources" in your phone settings
- Only download and install applications from official app stores
- Be wary if you are asked to download unknown apps in order to purchase items or services on social media platforms
The police also urged the public to report any fraudulent transactions to the bank immediately and to inform the authorities, family and friends about the scams.
If you suspect that your phone is infected with malware, you should do the following:
- Switch to 'flight mode', turn off WiFi and run an an anti-virus scan on your phone
- Check your bank account, Singpass and other accounts for any unauthorised transaction
- If there are unauthorised transactions, report the matter to the bank, relevant authorities, and lodge a police report
In the event that there is no malware found on your device, do a "factory reset" and change important passwords.
For more information on scams, members of the public can visit www.scamalert.sg or call the anti-scam helpline on 1800-722-6688.
ALSO READ: Lured by cheap drinks online, woman loses nearly $200k after downloading fake shopping app
ashwini.balan@asiaone.com
Disclaimer: The copyright of this article belongs to the original author. Reposting this article is solely for the purpose of information dissemination and does not constitute any investment advice. If there is any infringement, please contact us immediately. We will make corrections or deletions as necessary. Thank you.
