SINGAPORE: At least 113 Android phone users had their banking credentials stolen in phishing scams since March, with losses amounting to at least S$445,000.

The police said on April 13 that the victims had come across advertisements marketing home services or the sale of food items on social media platforms, including Facebook and Instagram.

The victims contacted the putative businesses through the platforms or via WhatsApp, and were sent a URL that redirected them to download an app to book the services or make their purchases.

Clicking on the URL took them to fake Internet banking login sites, where they then keyed in their banking details, including card information.

The applications they downloaded contained malware that redirected victims’ banking credentials and SMS one-time passwords to the scammers.

“These would be used by scammers to access and make unauthorised transactions in the Android phone’s Internet banking app,” said the police, adding that victims only realised they had been scammed after noticing unauthorised transactions or charges to their cards being made.

“Always exercise caution when clicking on advertisements embedded within applications that lead to a third-party website that prompts downloads of files,” the police advised.

The police advised downloading apps only from official app stores, and checking the developer information as well as the number of downloads and user reviews to ensure that the app is legitimate.

Apps or Android Package Kit (APK) files from the Internet or third-party could contain phishing malware. APKs are installation files for Android apps that can be downloaded from the Internet and third-party app stores, instead of the Google Play Store.

Users should also update their devices with the latest security patches, and disable the “Install Unknown App” or “Unknown Sources” in the device’s settings.

“Do not grant permission to persistent pop-ups that request for access to your device’s hardware or data,” the police added.

The police recommended setting security features such as two-factor authentication.

 - ANN