Hong Kong police in conjunction with Malaysian police recently made arrests related to a bank hacking scam that had been used to steal money from thousands of scam victims in Hong Kong.  While Scamicide is based in the United States, scams have no borders and we report on scams everywhere and while this particular bank hacking scam has not been reported elsewhere, it is reasonable to expect that the same malware and scam strategy used by the scammers in Hong Kong represents a threat in every country.

Like so many scams, this one originates on social media where the scammers set up fake online store pages that appear to sell legitimate products and services at attractive prices.  When people responded to the posts, the scammers told the targeted victims that they needed to download an online shopping app that was not found in the Google Play or Apple App store which is a red flag right away that we are dealing with a scam.  The scammers then directed to the targeted victims to phony shopping websites where they would be prompted to enter their online banking information in order to pay for alleged shipping fees.  The apps the scammers directed their victims to download were actually Trojan horse apps that enabled the scammers to monitor the phones of their targeted victims and enable the scammers to steal their login information and passwords.  Making matters worse the apps that the scammers convinced their targeted victims to download also enabled them to intercept the codes sent by their victims’ banks as a part of dual factor authentication, thereby allowing the scammers to get total access to their victims’ bank accounts.

TIPS

One way to avoid scams such as this is to never do online shopping with a company that you have not researched to make sure it is legitimate.  One way to do this is through the use of Google’s Safe Browsing transparency report.  Here is a link that explains it. https://safebrowsing.google.com/  You also can look for reviews on third party sites such as Yelp.  Security software companies also offer software that will recognize phony websites.

The first rule in avoiding malware infected apps is to only get your apps from the Google and Apple official app stores.  Both of these do their best to weed out malicious apps.  Last year Apple reported that it rejected 1.7 million app submissions and Google indicated that it banned 173,000 developer accounts from Google Play.

Android users should use the Google Play Protect option which is on by default.  Google Play Protect does a safety check on apps in the Google Play Store before they are downloaded to your device and will remove harmful apps or warn you about questionable apps before they are downloaded.

If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is sign up for free using this link. https://scamicide.com/scam-of-the-day/