Police warn of new fake friend scam call variant involving malicious links, malware

SINGAPORE — The police have warned of a new variant of the "fake friend call" scam, which involves scammers sending their victims malicious links and asking them for help in simple tasks.

Such tasks include making a purchase, a restaurant reservation or tracking a missing phone, the police said on Wednesday (July 5).

These links lead victims to either phishing sites or the download of malicious Android Package Kit (APK) files, used to distribute and install applications on Android mobile phones.

Fake friend call scams are a "persistent trend" in Singapore, the police added.

They usually involve victims receiving messages or calls from unknown phone numbers, with the person on the other line asking them to guess their identity.

The scammer would then assume the identity of the said person, claiming that he has a new contact number and asking the victim to update his contact details.

Since January 2023, at least 3,718 victims have fallen prey to such scams, with total losses amounting to at least S$12 million, the police said. 

For the new variant, victims would discover unauthorised transactions on their bank accounts or bank cards after keying their credentials on phishing sites provided by scammers.

Once victims download and install the malware, scammers would also be able to access the victims’ devices remotely and steal passwords stored in the devices.

In some cases, victims may be directed within the app to fake bank application login sites to key in their banking credentials to make payments within the app.

The malware, which comes with keylogging capabilities, would then capture the credentials keyed by the victims in the fake banking sites and send them to the scammers.

Unknown to the victims, the scammers would access the victims’ banking accounts to perform unauthorised transactions.

The public is reminded of the dangers of downloading apps from third-party or dubious sites that can lead to malware being installed on their devices.

The police said members of the public should adopt precautionary measures such as using the ScamShield app to avoid falling prey to such scams.

The public can set security features like enabling two-factor or multifactor authentication security checks for banks, or setting transaction limits on internet banking transactions.

They should also update their devices’ operating systems and applications regularly to be protected by the latest security patches and not grant permission to persistent pop-ups that request access to their device’s hardware or data.

When asked to download an unknown app, the public should check the developer information on the app listing as well as the number of downloads and user reviews to ensure it is a reputable and legitimate application.

Apps should only be downloaded and installed from the official Google Play store for Android users.

The public should also check for scam signs using official sources such as visiting www.scamalert.sg or calling the police's anti-scam helpline at 1800-722-6688 when in doubt.