She visited a bubble tea shop and saw a sticker pasted on its glass door, encouraging customers to do an online survey to get a free cup of milk tea.
Enticed by what seemed like a good deal, the 60-year-old scanned the QR code on the sticker and downloaded a third-party app onto her Android phone to complete the “survey”.
That night, as she was sleeping, her mobile phone suddenly lit up.
Thanks to the app she had downloaded, scammers used it to take over her device and moved $20,000 from her bank account.
How the scam worksMr Chua said that when the victim scans the QR code, he is prompted to download an app containing malware and is made to grant access to the phone’s microphone and camera.
He is also asked to enable Android Accessibility Service, an app intended to assist users with disabilities, which allows the scammer to view and control the victim’s screen.
The scammer waits for the victim to use his mobile banking app and notes his login credentials and password. The scammer can also disable the facial recognition function, so the victim has to physically key in his details to log into his account, allowing the crook to record the information.
The scammer then accesses the camera to monitor the victim’s activity, waiting for the right moment to strike.
At night, when the victim is sleeping, the scammer takes control of the phone through the malware.
He logs into the victim’s mobile banking app and transfers money out of his bank account.
Said Mr Chua: “This scam is so insidious because scammers take over the victim’s phone. And because victims lose control of their Internet banking account, they won’t even know when their savings have been completely wiped out.”