As with similar scams, the scammers would then send victims a uniform resource locator (URL) link over WhatsApp for them to download an Android package kit (APK) file. APK files are used to install apps created for the Android operating system.
“After downloading and installing the APK file, the scammers would be able to retrieve the victims’ banking credentials once they log in to their internet banking accounts,” SPF said.
“Subsequently, victims discovered unauthorised transactions from their banking accounts.”
Since July, at least 19 victims have lost a total of about S$13,000 (US$9,580) to scammers using these tactics.