The Singapore Police Force (SPF) put out an advisory on Aug. 11, warning the public of a fake GST Voucher app that is making the rounds.
This app is part of a scam that allows malicious actors to gain control of a mobile phone, giving them access to passwords and accounts that are stored on the device.
What to look out for
There are postings on Facebook or messages on WhatsApp that request victims to download the GST Voucher app and integrate it with their bank account.
The examples provided by the police indicate that the scammers used an infographic of the GST Voucher by finance blog Seedly and included a call to action.
Seedly informed Mothership that their infographic--which is an old version--was used without their permission.
Example of a Facebook post with an infographic stolen from Seedly. Credit: SPF
Example of a Facebook post with an infographic stolen from Seedly. Credit: SPF
Clicking on the link will direct victims to a page that looks like this:
Webpage where victims might download the fake app. Credit: SPF
This webpage contains an Android Package Kit (APK) file.
It is typically labelled as "GST Voucher".
"This is a malicious APK file," said the police.
"Members of the public are advised NOT to download any suspicious APK files on their devices as they may contain malware which will allow scammers to access and take control of the device remotely as well as to steal passwords stored in the device."
The police also reiterated that downloading mobile apps from third-party or dubious sites can lead to malware being installed on one's mobile device.
What to do if you suspect that you have downloaded a malicious app
If you think that you have downloaded a fake app, or suspect that your phone has malware installed, here are some steps that you can take:
- Turn on your phone's "flight mode".
- Run an anti-virus scan on your phone.
- Check your bank account/Singpass/CPF etc for any unauthorised transactions using another device, such as a computer.
If there are unauthorised transactions, alert your bank, relevant authorities, and lodge a police report.
If you believe that your phone has not been infected with malware after completing the steps above, you may resume usage of your phone.
As a further precaution, you may consider doing a “factory reset” of your phone and changing important passwords.
For more information on scams as well as the current variants that are being reported, you can visit www.scamalert.sg.
Top images: SPF.