Scam Ads Lure Victims Through Social Media
In Singapore, Android phone users recently lost $2.4 million to scams. The scammers used fake ads on Facebook and TikTok to trap victims. These scams have affected at least 128 people since February. The scam starts with an ad that looks like a normal product or service offer. The ad asks users to leave their contact details to show interest. This is where the trouble begins.
Once a user gives their phone number, someone pretending to be from the business contacts them. The scammer usually messages through WhatsApp. They ask the victim to make a small payment, either for a membership or a deposit. The scammer sends a link to the victim for the payment.
When the victim visits the site and tries to pay, the scammers tell them the transaction failed. To “help” fix this, the scammers convince the victim to download an app. The app is supposed to solve the problem, but this is where the real scam begins.
Malicious Apps Used to Steal Banking Information
The app that scammers send is in the form of an APK file, which is used for installing apps on Android devices. It doesn’t come from the Google Play Store, but directly through WhatsApp messages. The app is actually malware—a type of software designed to secretly spy on the user’s phone and steal sensitive data.
Scammers often tell victims to disable a phone security feature called Google Play Protect to ensure the malicious app installs without warning. This built-in feature normally scans and blocks harmful apps, but once victims turn it off, it no longer blocks the malware and allows the phone to download it without raising any red flags.
How Cyber Attacks on Industrial Control Systems Can Endanger Lives ?
Sometimes, scammers also ask victims to install virtual private network (VPN) apps from the Play Store. While people usually use VPNs for privacy, in these cases the scammers use them to gain even deeper access to the victim’s device. Once they install the malware, the scammers can see everything happening on the phone. They can access saved passwords, view text messages that contain bank OTPs, and even control the phone remotely.
Armed with the victim’s bank login information and security codes, the scammers then perform unauthorised transactions. This might happen directly from the victim’s device or from a different one, using the stolen details. Victims often fail to realise what’s happening until scammers have already emptied their bank accounts or charged their cards for unknown purchases.
Police Issue Warning as Scam Losses Continue to Climb
Singapore police have issued an urgent warning to the public, especially Android users, to be extremely cautious when interacting with online ads. Fake promotions that ask for personal details can quickly lead to scammers reaching out with requests to download dangerous software.
These types of scams are not only becoming more common but also more convincing. Victims are often guided step-by-step by the scammers, who sound professional and friendly. Because the process begins with a social media ad that looks real, many people fall into the trap without suspecting anything wrong.
Critical Vulnerabilities: The Dark Side of Pacemaker Technology
The police explained that users should be careful about where they download apps from, and avoid clicking on unknown links or giving personal details to strangers online. Malware sent through APK files is a serious threat because it gives full access to the device. When paired with stolen OTPs, scammers can easily break through banking security.
In 2024, Singapore saw a record $1.1 billion in scam-related losses—the highest amount in a single year. Since 2019, total losses have gone beyond $3.4 billion. This latest malware scam is part of that growing trend and highlights just how important it is to stay alert when using mobile phones and social media platforms.
