• IP addresses are NOT logged in this forum so there's no point asking. Please note that this forum is full of homophobes, racists, lunatics, schizophrenics & absolute nut jobs with a smattering of geniuses, Chinese chauvinists, Moderate Muslims and last but not least a couple of "know-it-alls" constantly sprouting their dubious wisdom. If you believe that content generated by unsavory characters might cause you offense PLEASE LEAVE NOW! Sammyboy Admin and Staff are not responsible for your hurt feelings should you choose to read any of the content here.

    The OTHER forum is HERE so please stop asking.

Woman who scanned QR code with malware lost $20k to bubble tea survey scam while she was sleeping

SBFNews

Alfrescian
Loyal
Joined
Feb 26, 2019
Messages
12,449
Points
113
www.straitstimes.com

Woman who scanned QR code with malware lost $20k to bubble tea survey scam while she was sleeping​


nadinechua.png

SINGAPORE - She visited a bubble tea shop and saw a sticker pasted on its glass door, encouraging customers to do an online survey to get a free cup of milk tea.

Enticed by what seemed like a good deal, the 60-year-old scanned the QR code on the sticker and downloaded a third-party app onto her Android phone to complete the “survey”.

That night, as she was sleeping, her mobile phone suddenly lit up.

Thanks to the app she had downloaded, scammers used it to take over her device and moved $20,000 from her bank account.

Worryingly, she is not the only victim of such malware scams.
In April, the police and the Cyber Security Agency of Singapore warned the public about downloading apps from dubious sites that can lead to malware being installed onto victims’ mobile phones.

They said such malware has resulted in confidential and sensitive data, including banking credentials, being stolen.

That month, the police also alerted the public to the resurgence of phishing scams involving malware installed on victims’ Android phones. The police had said that since March, there have been at least 113 victims who lost at least $445,000.

The case of the bubble tea survey scam was related to The Sunday Times by Mr Beaver Chua, head of anti-fraud at OCBC Bank’s group financial crime compliance department, last week.

He said: “While malware scams are not particularly new, scammers are getting increasingly innovative.
“Besides website pop-up banners, which are most common, pasting bogus QR codes outside F&B establishments is another cunning way to hook victims as consumers may not be able to differentiate between legitimate and malicious QR codes.”

More than 680 scam victims avoid losses of over $260,000 after police, banks step in
Impact of scam on victims goes beyond money as they lose trust in people, become stressed: Panel

How the scam works​

Mr Chua said that when the victim scans the QR code, he is prompted to download an app containing malware and is made to grant access to the phone’s microphone and camera.

He is also asked to enable Android Accessibility Service, an app intended to assist users with disabilities, which allows the scammer to view and control the victim’s screen.

The scammer waits for the victim to use his mobile banking app and notes his login credentials and password. The scammer can also disable the facial recognition function, so the victim has to physically key in his details to log into his account, allowing the crook to record the information.

The scammer then accesses the camera to monitor the victim’s activity, waiting for the right moment to strike.
At night, when the victim is sleeping, the scammer takes control of the phone through the malware.

He logs into the victim’s mobile banking app and transfers money out of his bank account.

Said Mr Chua: “This scam is so insidious because scammers take over the victim’s phone. And because victims lose control of their Internet banking account, they won’t even know when their savings have been completely wiped out.”

Mr Chua said scammers tend to paste these manipulated QR codes near authorised scan-to-pay signs, which trick customers into thinking they are legitimate.

University student Char Shao Wen, 25, who buys bubble tea twice a week, said she is alert whenever she scans a QR code at such shops.

“I drink bubble tea often, so hearing that such a scam exists is scary. And if they’re pasted near legitimate QR codes, I would imagine it will be a lot tougher to detect,” she added.

Mr Chua said scammers can also paste such deceptive QR codes on lamp posts near traffic lights, waiting for a victim to take the bait.

Mr Yeo Siang Tiong, general manager for South-east Asia at cyber-security firm Kaspersky, said businesses should stay vigilant to promotional stickers and QR codes that have been placed on their premises without their knowledge.

He warned customers, saying: “If the code looks tampered with or suspicious, consider asking the establishment for advice.”

Facebook Marketplace, Carousell bottom in e-commerce safety ratings; Amazon, Lazada on top
Joint police-OCBC operation stops scam losses of more than $12.6m for 700 victims

Mrs Ong-Ang Ai Boon, director of the Association of Banks in Singapore, said the risk of malware is not new and people have been warned of that for some time.

She said: “It remains critically important for everyone to practise cyber-security discipline by not clicking unknown links or installing unknown apps or software onto their devices. While banks will continue to do our part in surveillance and recovery efforts, the strongest defence against scams is a watchful and discerning public.”

In 2022, scam victims in Singapore lost $660.7 million, up from $632 million in 2021, bringing the total to almost $1.3 billion lost in two years.

There were 31,728 scam cases reported in 2022, up from 23,933 cases in 2021.

Why malware scams target Android users​

Kaspersky’s Mr Yeo said Android operating system software is open source, allowing anyone to modify it.
He added: “This makes it easier for hackers to discover and exploit security vulnerabilities in the software in case of developer mistakes. In turn, this results in malicious apps finding their way onto Android devices easily, increasing the susceptibility of Android users to attacks.”

On the other hand, he said, iPhone users are less susceptible to malware scams via apps as iOS users can download apps only from the Apple App Store, which has stringent guidelines for app developers. This ensures only legitimate and secure apps are available to users.

But he added: “Although malware scams are less common in iPhone devices, they are not unheard of and are silently on the rise.”

 
The use of mobile banking apps. still carry unsolvable risks.
Seems that hard tokens are safer to use but most banks will stop issuing them once the battery runs out.
 
That’s actually a very cunning scam. To be honest if I was greedy to get a bubble tea and cheap enough to use an Android phone, then I will be in trouble.
 
These are the same morons who probably scanned whatever QR codes found on ad posters from the govt e.g. 'scan me to find out more' or 'scan here to register'. :biggrin:
 
Lol,even vac all.sinkies chiong,lol,this is open leg policies,good ,should ask the person who lost the money vote for who,lol,Don pity them they deserve it,lol,even dbs hv so many ceca ,nozlt surprise ,lol
 
Enticed by what seemed like a good deal, the 60-year-old scanned the QR code on the sticker and downloaded a third-party app onto her Android phone to complete the “survey”.
Uncle trying to understand this.
1. Scanned the qrcode on the sticker TO download a 3rd party app or
2. Scanned the qrcode on the sticker AND
download a 3rd party app ?
These 2 carries different meaning and different level of stupidity.
Can scanning a qrcode lead to downloading a app ?
If is AND means it is alright to scan the qrcode but she is stupid to download and install the app which is another different step.
 
She visited a bubble tea shop and saw a sticker pasted on its glass door, encouraging customers to do an online survey to get a free cup of milk tea.

Enticed by what seemed like a good deal
, the 60-year-old scanned the QR code on the sticker and downloaded a third-party app onto her Android phone to complete the “survey”.

Probably the same kind of people who queued up for that crappy Huawei phone.

Here's an idea: wear a t-shirt with a QR code printed on it, with the words "Scan me to find out more!" next to it. The decoded QR code reads 'Fuck you'. :biggrin:
 
Back
Top