Woman loses over $111,000 after downloading third-party app to buy durian tour ticket

Ms Lie had chanced upon an offer for a durian day tour, and was instructed to download a third-party app to browse the tour offers. PHOTO: MS LIE
Sherlyn Sim
Updated
Sep 29, 2023, 05:26 PM
Published
Sep 27, 2023, 04:30 PM

SINGAPORE – A part-time bakery worker lost over US$81,000 (S$111,000) to scammers who siphoned money from her two DBS bank accounts after infecting her Android phone with malware.

Ms Lie, 52, had on Sept 10 chanced upon a Facebook advertisement for a $28 durian day-tour ticket to Kulai, Malaysia, from a tour agency called “GD Travel & Tour”.

She was attracted by the offer as she had enjoyed a durian tour in 2022 and contacted the seller on Facebook.

The seller texted Ms Lie on WhatsApp and instructed her through voice messages to download a third-party app called EG Store on her phone to browse the tour offers.

“I wasn’t suspicious of him. He had a strong Malaysian accent and sounded very sincere. He was patient and helpful with my questions about the tour so I believed him,” she told The Straits Times.

Ms Lie eventually did not buy the tour ticket as her friends did not want to go. She did not provide him with her banking details or address.

She did not think much about the incident until a week later when she was trying to pay her credit card bills. She noticed that she could not log into her Internet banking app after multiple attempts.

Her son, who wanted to be known only as Mr Teo, called DBS immediately, thinking its digital banking services were disrupted.

It was only when a bank officer told Mr Teo that his mother’s account was locked on Sept 13 due to large transfers of US dollars that they realised something was amiss.

The scammers had raised her transaction limit and transferred over $110,000 out of two DBS savings accounts to five different bank accounts.

Ms Lie said she had set aside that money for her retirement and Mr Teo’s wedding in 2024.

“I cry every day and cannot sleep. This was my money saved over three decades. I deleted all the banking apps in my phone because I’m so scared,” said Ms Lie, who has three children.

Ms Lie sought help from DBS and reached out to Jalan Besar GRC MP Wan Rizal to waive the amount that was drawn from the bank accounts. She made a police report on Sept 18.

The police confirmed that investigations are ongoing.

More On This Topic
Woman loses over $44k after downloading third-party app to buy fish
Woman loses $76,000 after downloading third-party app to buy mooncakes

When contacted, DBS said it has dedicated resources to “act swiftly and assist” customers who are scammed, including a dedicated fraud hotline – 1800-339-6963 (from Singapore) or (+65) 6339-6963 (from overseas). It also has a safety switch function on the digibank app, which would temporarily block access to funds.

“We will assist these customers with necessary follow-up actions, which include making a police report, or replacing their cards/re-securing their accounts,” DBS said.

“As we intensify efforts to protect our customers, heightened vigilance and collective effort is crucial in combating scams and fraud.”

Ms Lie asked how the large sums in foreign currency were transferred out of her accounts without any notifications sent to her.

“Why didn’t I get any e-mails or one-time passwords (OTPs) from the bank (to verify the transactions)? What if I hadn’t checked my bank account? I wouldn’t have known that my money was stolen,” she added.

There have been similar scams recently in which “sellers” send victims payment links that download malware into their phones, enabling scammers to control their devices remotely and drain their bank accounts.

Following OCBC Bank’s lead, UOB and DBS recently announced greater controls aimed at protecting customers against malware-enabled scams.

DBS will be pushing out a new anti-malware tool on its DBS/POSB digibank app progressively from September. The anti-malware tool will restrict DBS users’ access to their DBS/POSB digibank app if it detects the presence of malware, apps downloaded from unverified app stores with accessibility permissions enabled, or ongoing screen sharing on a customer’s device.

Once a known malware is detected, customers will receive a pop-up notification requesting that they secure their devices. They can do so by disconnecting their mobile devices from the Internet and deleting suspicious apps to regain access to their banking app.

More On This Topic
UOB, DBS introduce new security features on banking apps to protect customers
Want to fight scams? We may have to ditch some practices that make transactions easy

Android phone users who had downloaded apps from unofficial app stores that had risky accessibility settings, found that they were unable to access their OCBC online banking services. They would need to delete these apps or turn off the risky settings to use OCBC app banking services again.

UOB started rolling out two new security features on its UOB TMRW banking app on Wednesday. The first update will restrict customers’ access to their UOB TMRW app once any apps or tools that are sharing their mobile devices’ screens are detected. 

The second update will restrict access to the banking app upon detection of any apps that were downloaded from third-party or unauthorised sites with risky permissions on customers’ mobile devices.

Join ST's WhatsApp Channel and get the latest news and must-reads.

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top