Earlier this month, the Singapore Police Force (SPF) released an advisory on phishing scams involving fake ScamShield mobile application.
Scamshield is an anti-scam mobile application developed by the National Crime Prevention Council and Open Government Products, and was launched in 2020. It detects scam messages, blocks out scam calls automatically, and allows users to report scam messages and calls. The ScamShield mobile application is now available for iOS devices and Android devices.
In the advisory released, the police advised members of the public not to download any suspicious app on their devices as they may contain phishing malware which scammers use to hijack the victim’s devices.
New Scam Technique
In the new phishing scam variant, scammers would lure potential victims by publishing several advertisements (sale of food items) via social media platforms, such as Facebook, on Android devices. The unwary victims would then contact the scammers via WhatsApp to purchase the food items. The victims would then be asked to download an application by clicking on the URL provided in order to purchase the food items and make payment for the order. The unauthorized transactions would then be made from the victim’s banking accounts or credit cards.
Shortly after the unauthorized transactions were made, the scammers would then contact the victim and introduce themselves as an employee of the bank who are following up on the fraudulent transactions they just made. They would then proceed to send the URL link of the fake ScamShield app, recommending the victim download it in order to make a report in the app and to protect against such scams. The scammers would insist that the URL provided is legitimate and would advise the victims not to download the ScamShield App from the official Google Play Store.
The police warn members of the public about the danger of downloading third-party applications or clicking on malicious links, which may lead to malware infections. Members of the public may refer to the official ScamShield website to find out more information about using the legit application.
- Download Apps from Official Sources
Avoid downloading applications from third-party websites or unknown sources as they are more likely to contain malware or fraudulent software. Only download mobile applications from trusted and official sources such as Google Play Store or Apple App Store. Run a check on the official website, check for positive user reviews, and research the developer to find out more information before you download. Some fake apps may have a similar developer name as the originals, with a few letters changed to trick potential victims into trusting them as the real deal!
- Be Skeptical & Be Cautious
Avoid clicking on any suspicious links or URLs sent by email, text messages, or from social media platforms. Always pay attention to what you click on, especially from those who claim to be from trusted organizations. Be skeptical and verify the information with official sources before clicking or downloading anything.
- Strong Passwords & 2FA
A password is your first layer of defense against cyber threats. It is recommended to use a strong password for your online accounts. A strong password should be long and random, with at least 12 characters and a mix of uppercase and lowercase letters, numbers, and symbols. It is also recommended to avoid reusing the same password across your other online accounts.
Using the same password across multiple platforms increases the damages of unauthorized access and data breach if one account is compromised. Additionally, it is also recommended to turn on two-factor authentication (2FA) whenever possible. The 2FA adds an extra layer of security to your accounts, by requiring a second factor of authentication to access your account. Even if your password is compromised, the hacker would still need a second authentication to gain access.
- Trust Your Instincts
When you see something suspicious or felt that it’s too good to be true, it probably is! Trust your instincts and be careful of suspicious requests for personal information, financial details, login credentials, or requests for payments. When in doubt, always check with your IT support, or check with the official source directly. Remember, it is always better to be safe than sorry!
- Educate Yourself & Your Loved Ones
Stay informed about the latest cyber threats and tech news. Share cybersecurity awareness knowledge with your friends and family members and educate them on the prevention measures. Encourage open discussions about cybersecurity, especially among the elderly and children who may be more vulnerable to online scams.
Cyber threats are everywhere and as technology advances, these cyber criminals will too. By staying informed on the latest scams and tech news, we can be more aware of the threats that are happening around us and adopt preventive measures to safeguard ourselves against them. Sharing cybersecurity knowledge with our families and friends will help greatly by creating awareness and reducing the risk of them becoming a victim of these threats. Remember, maintaining online security is a shared responsibility, and staying vigilant is crucial to protect against evolving cyber threats.