SINGAPORE — A total of 38 people, aged between 17 and 68, are under investigation for their suspected involvement in a recent spate of "fake buyer" phishing scams on Facebook and e-marketplace Carousell.

At least 419 victims have fallen prey to such scams since last month, with the total losses amounting to at least S$1.8 million, the police said in a press release on Wednesday (Feb 21).

In these cases, the culprits would pretend to be buyers and approach potential victims via messages within the mobile applications of Carousell or Facebook, expressing interest in the items that the victims had listed on these platforms.

After agreeing to the sale of the items, the "buyers" would send the sellers a malicious web link or QR code via email, in-app messaging, or WhatsApp on the pretext that this was for the sellers to receive payment. 

Upon clicking the links or scanning the QR codes, the sellers would be redirected to a spoofed website to provide their internet banking log-in credentials, credit card details and a one-time password. 

The sellers would realise that they had been tricked when they discover unauthorised transactions made from their bank accounts or cards.

Between Feb 13 and 19, the police conducted an anti-scam enforcement operation and rounded up 38 people for investigation.

Early investigations found that the subjects had allegedly facilitated the scams in several ways, some involving Singpass, which is the national authentication system for government and business e-services, and the digital identity for Singpass account holders.

Most of the subjects opened new bank accounts and relinquished them to the scammers or sold their bank accounts for as much as S$1,500 an account, or gave away their Singpass credentials for as much as $1,000 for each set of credentials.

The subjects would then fail to receive the promised fees from the scammers. 

Some had given away their banking or Singpass credentials in the applications of fake investment schemes, job scams or loan schemes, to purportedly receive earnings from investment, salary or a loan. 

One subject also assisted to receive and transfer money on behalf of the scammers.

The police advised the public not to click on dubious web links, disclose their personal or internet banking details and one-time passwords to anyone, and to download the ScamShield app on their phones.

The public should also report any fraudulent transactions to their banks immediately, and report any suspicious user and fraudulent transaction from an online marketplace to the e-commerce platform, the police added. 

For more information on scams, visit www.scamalert.sg or call the Anti-Scam Helpline at 1800-722-6688.