SINGAPORE –a 74-year-old man chatted for six hours online, with a friendly roast duck seller he met on Facebook, only to find his life savings almost wiped out soon after.
The man, who wanted to be known only as Mr Loh, lost about $70,000 to scammers who siphoned money from his DBS and POSB credit card and bank accounts after infecting his Android phone with malware.
On 26th August, he had chanced upon a Facebook advertisement from a supplier called “Xiao Xiao Ya Zi” for a Peking duck.
He was enticed by the deal which offered $23.80 for a 1.5kg Peking duck with $5 shipping and contacted the seller on Facebook who texted Mr Loh on WhatsApp, instructing him through voice messages to download a third-party app called Grab&Go on his phone. The app prompted him to make a $5 payment through PayNow as a “deposit” prior to his order being placed.
Mr Loh, who used to work as an importer, was initially suspicious of the advert but let his guard down when the seller convinced him that the promotion was not a scam.
“I asked him: ‘Is this a scam?’ and he said that no one would be cheated of $5 and that this was a small thing and that I had a lot of wisdom and experience. He told The Straits Times he had then agreed to proceed since it was only a matter of $5.
While he was still chatting with the seller, he had noticed that his phone screen had gone blank.
Within 30 minutes, when his phone restarted multiple times, Mr Loh tried to close the third-party app and turn off his phone but failed.
Panicking, Mr Loh who has three children reached out to the scammer, who reassured him that the phone reset was normal.
His wife, who overheard the conversation, realised that something was amiss and called their daughter. She then immediately got her brother to call DBS Bank.
The bank officer informed the family that the scammers had raised Mr Loh’s transaction limit, which was set at $3,000 and transferred about $59,000 out of his DBS current account and POSB savings account. The scammers had also taken a credit advance of about $11,000 using his DBS credit card.
His daughter, who wants to be known as Ms Ang, said that she had warned her parents about such scams.
Mr Loh who sought help from DBS made a police report on 27th August.
The police confirmed that a report had been made and investigations were ongoing.
Mr Loh asked why he did not receive any notifications when his transaction limits were increased.
He said he knew that some banks required a 12-hour cooling-off period when there was an increase (in funds transfer limits) but his credit limit was changed immediately without his permission and knowledge.
DBS said When contacted, that it has dedicated resources to “act swiftly” to help customers who are scammed. They can call the anti-fraud hotline on 1800-339-6963.
DBS also has a safety switch function on its digibank app, which is able to temporarily block access to funds.
Since then Mr Loh has changed his mobile phone and deleted his Facebook and Internet banking apps.
In the first half of 2023, at least $10 million in total was lost by more than 750 scam victims due to unauthorised banking transactions performed by malware, which also resets the victims’ phones.
Scammers, have been instructing interested buyers to click on links to download third-party apps, under the guise of “selling” everything from moon cakes to fish and durian day tour tickets on social media, which then allow the crooks to take control of the victims’ phones.
OCBC, UOB and DBS have recently announced greater controls aimed at protecting customers against malware-enabled scams.
For example, DBS is progressively pushing out a new anti-malware tool on its DBS/POSB digibank app, starting in September.
The anti-malware tool restricts users’ access to the DBS app if it detects the presence of malware, apps downloaded from unverified app stores with accessibility permissions enabled, or ongoing screen sharing on a customer’s device.
Once a known malware is detected, customers will receive a pop-up notification requesting that they secure their devices. They can do this by disconnecting their mobile devices from the Internet and deleting suspicious apps to regain access to their banking app.
