SINGAPORE – A part-time bakery worker lost over US$81,000 (S$110,960) to scammers who siphoned money from her two DBS bank accounts after infecting her Android phone with malware.
Ms Lie, 52, had on Sept 10 chanced upon a Facebook advertisement for a $28 durian day-tour ticket to Kulai, Malaysia, from a tour agency called “GD Travel & Tour”.
She was attracted by the offer as she had enjoyed a durian tour in 2022 and contacted the seller on Facebook.
The seller texted Ms Lie on WhatsApp and instructed her through voice messages to download a third-party app called EG Store on her phone to browse the tour offers.
“I wasn’t suspicious of him. He had a strong Malaysian accent and sounded very sincere. He was patient and helpful with my questions about the tour so I believed him,” she told The Straits Times.
Ms Lie eventually did not buy the tour ticket as her friends did not want to go. She did not provide him with her banking details or address.
[[nid:648922]]
She did not think much about the incident until a week later when she was trying to pay her credit card bills. She noticed that she could not log into her Internet banking app after multiple attempts.
Her son, who wanted to be known as Mr Teo, called DBS immediately, thinking its digital banking services were disrupted.
It was only when a bank officer told Mr Teo that his mother’s account was locked on Sept 13 due to large transfers of US dollars that they realised something was amiss.
The scammers had raised her transaction limit and transferred over $110,000 out of two DBS savings accounts to five different bank accounts.
Ms Lie said she had set aside that money for her retirement and Mr Teo’s wedding in 2024.
“I cry every day and cannot sleep. This was my money saved over three decades. I deleted all the banking apps in my phone because I’m so scared,” said Ms Lie, who has three children.
Ms Lie sought help from DBS and reached out to Jalan Besar GRC MP Wan Rizal to waive the amount that was drawn from the bank accounts. She made a police report on Sept 18.
The police confirmed that investigations are ongoing.
When contacted, DBS said it has dedicated resources to “act swiftly and assist” customers who are scammed, including a dedicated fraud hotline – 1800-339-6963 (from Singapore) or (+65) 6339-6963 (from overseas). It also has a safety switch function on the digibank app, which would temporarily block access to funds.
“We will assist these customers with necessary follow-up actions, which include making a police report, or replacing their cards/re-securing their accounts,” DBS said.
“While we continue to adopt multi-pronged measures to strengthen fraud prevention and recovery, customers remain the first line of defence in safeguarding against scams.”
[[nid:648555]]
Ms Lie questioned how the large sums in foreign currency were transferred out of her accounts without any notifications sent to her.
“Why didn’t I get any e-mails or one-time passwords (OTPs) from the bank (to verify the transactions)? What if I hadn’t checked my bank account? I wouldn’t have known that my money was stolen,” she added.
There have been similar scams recently in which “sellers” send victims payment links that download malware into their phones, enabling scammers to control their devices remotely and drain their bank accounts.
Following OCBC Bank’s lead, UOB and DBS recently announced greater controls aimed at protecting customers against malware-enabled scams.
DBS will be pushing out a new anti-malware tool on its DBS/POSB digibank app progressively from September. The anti-malware tool will restrict DBS users’ access to their DBS/POSB digibank app if it detects the presence of malware, apps downloaded from unverified app stores with accessibility permissions enabled, or ongoing screen sharing on a customer’s device.
Once a known malware is detected, customers will receive a pop-up notification requesting that they secure their devices. They can do so by disconnecting their mobile devices from the Internet and deleting suspicious apps to regain access to their banking app.
Android phone users who had downloaded apps from other portals instead of an official store found that they were unable to access their OCBC online banking services. They would need to delete these apps to use OCBC app banking services again.
UOB will be progressively rolling out two new security features on its UOB TMRW banking app from Wednesday. The first update will restrict customers’ access to their UOB TMRW app once any apps or tools that are sharing their mobile devices’ screens are detected.
The second update will restrict access to the banking app upon detection of any apps that were downloaded from third-party or unauthorised sites with risky permissions on customers’ mobile devices.
This article was first published in The Straits Times. Permission required for reproduction.