KUALA LUMPUR – Police have found a new modus operandi by scammers who obtain their victims’ personal details through an SMS app to track their purchases and steal money from victims’ bank accounts through an Android Package (APK) download.
Federal Commercial Crime Investigation Department (CCID) director Comm Datuk Mohd Kamarudin Md Din said scammers could hack into a victim’s phone after gaining access through an APK file downloaded by victims who “purchased” items online.
He said scammers would advertise items for sale on social media such as Facebook so that those who were interested would contact the “sellers” via WhatsApp.
“They will be instructed to download and install on their mobile phones an APK file link containing a fake application.
“The application will then take over the buyer’s existing SMS system, and the buyer has to register and fill in personal and banking details before they can use the application.
“After pressing the ‘send’ button, an error message will be shown as the application is not linked to any legitimate banking sites,” he said at a press conference on February 10.
Comm Mohd Kamarudin said the process was merely to give scammers access to the content of the buyer’s SMS and banking details.
“With enough information, the scammers can transfer money from the buyer’s account without their knowledge.
“So far, five cases have been detected, with losses amounting to RM58,844.
“Three of the cases were detected in Johor, while one each was reported in Penang and Sabah,” he added.
Comm Mohd Kamarudin advised the public not to download APK files sent to their mobile phones by unknown people.
“The safety of the phone SMS system must always be protected as it will receive an OTP (one-time password) from various applications installed on mobile phones.
“Don’t ever install SMS applications from untrustworthy sources,” he said.
The public can call the CCID Scam Response Centre at 03-2610 1559/1599 for further details or advice.
Join our Telegram group for the latest updates!
Read more: Advanced Scams, Data Breaches, Crypto and NFT Attacks to Shape SEA Cyberthreat Landscape in 2022
Discussion about this post