Nearly 2,000 victims fell for Android malware scams, at least S$34.1 million lost in 2023

ANTI-MALWARE MEASURES

SPF detailed a series of measures that were implemented last year to combat the spike in Android malware scams.

In August, OCBC became the first bank in Singapore to block some customers from using its internet banking and mobile banking app if it detected potentially risky apps downloaded from unofficial portals. The move drew flak from customers at the time.

Since then, OCBC has prevented 276 customers from losing S$38.8 million. This was based on customers’ reports that they sideloaded a suspicious app and observed anomalies on their devices, or suffered losses from other banks due to malware-enabled scams, said Ms Loretta Yuen, OCBC’s general counsel and head of group legal and compliance, last Thursday.

Various banks also rolled out upgraded versions of their apps with anti-malware measures.

“Since then, malware-enabled scam cases have started to decline drastically as more people had their banking apps upgraded,” SPF noted.

In November 2023, Singapore’s three local banks – DBS, OCBC, and UOB – introduced a money lock feature that allows customers to set aside part of their money in their bank accounts that cannot be digitally transferred.

As of January, more than 49,000 money lock accounts have been set up, with more than S$4.2 billion set aside, said SPF. Other major retail banks will progressively introduce the money lock feature by June.

In January, the director of the Association of Banks in Singapore said the banks will continue to improve on the design of their money-locking features over the coming months.

Currently, DBS and UOB customers have to set up new accounts to use the banks’ money-locking features. OCBC customers do not have to set up a new account.

OCBC’s Ms Yuen told reporters that as of Feb 9, S$4.4 billion has been locked across more than 40,000 OCBC accounts. About a third of these customers are aged 50 or above, while close to half of them are between 30 and 50 years old.

Ms Yuen cautioned that malware scammers’ methods are evolving, with OCBC seeing more scammers circumventing the anti-malware measures by guiding their victims step by step on how to do so and resulting in seemingly authorised transactions.

The bank is exploring two new measures but will give more details in the future, said Ms Yuen.

One such measure aims to detect scammers who are accessing victims’ banking apps without exerting pressure on the mobile phones. Another measure involves experimenting with “cognitive breaks”, such as changing certain wordings in OCBC’s banking app to “break the spell” of being scammed.