A woman thought she scored a good deal while buying mooncakes online, but ended up losing nearly $80,000 of her savings to a scam.
To make matters worse, she had intended to pay for her BTO flat with the money.
The 51-year-old woman, surnamed Li, had chanced upon a Facebook advertisement for a mooncake shop on Sept 14, Shin Min Daily News reported.
The ad was reportedly offering eight pieces of Musang King durian snowskin mooncakes at a discounted price of $29.90 instead of the original price $56.90.
Not wanting to pass on the deal, Li decided to buy two boxes to try, as she wanted to recommend them to her son if they tasted good, she said.
When Li contacted the seller, she was sent a link to download a mobile app and instructed to provide her shipping address via the app. She was also told to pay $1 to confirm the order.
"I knew there are many scams out there and was also worried that my money would be suddenly transferred out of my bank account, so I lied and said I don't use PayNow," Li told the Chinese evening daily.
The seller then reportedly said that they would help her to pay first.
After installing the app, her phone continued to function normally, Li said. When she checked her bank account that night, the money was also untouched.
The next morning, however, Li realised that she was unable to log into her banking app and immediately rushed to an ATM to investigate.
It was then that she discovered that over $76,000 of her savings had been transferred out of her bank account via four separate transactions.
Li revealed that the sum of money was meant for her BTO flat, where she had planned to use around $50,000 for the down payment and use the remainder for renovation expenses.
"After the money has been transferred out, I don't know what to do," she lamented.
Li also said that she did not receive any emails or SMS notifications notifying her of the fraudulent transactions.
She pointed out: "Even if text messages can be intercepted or deleted [by scammers], the bank should have sent email alerts as I had previously opted to receive internet banking alerts via both SMS and email."
The woman added that she should not have learnt of the incident only after making an effort to personally enquire about it.
While Li acknowledged she was at fault for downloading the malware, she believes that the bank should also take responsibility for not discovering the abnormal transactions in time.
The police confirmed with Shin Min that a police report was lodged and investigations are ongoing.
Banking credentials stolen by hidden keylogger in mobile apps
Over 750 victims have lost at least $10 million in the first half of the year due to unauthorised banking transactions performed by a malware scam, the police said on Monday (Sept 18).
Scammers would pose as sellers of various services and send victims a link to download and install an Android application and grant the app certain permissions to access their phone.
When making payment, victims' internet banking credentials were stolen by the malware's key-logging function, which allows scammers to access the banking app on the victims' phones and perform unauthorised transactions.
The police advise members of the public to take precautionary measures, such as downloading the Scamshield app and enabling security features such as two-factor (2FA) or multifactor authentication for banks, as well as setting transaction limits for internet banking.
For more information on scams, members of the public can visit www.scamalert.sg or call the anti-scam helpline on 1800-722-6688.
ALSO READ: Buying mooncakes online? Beware of this scam that made victims lose $325k in a month