Scam Apps: Here’s How Scammers Are Using Them To Steal Your Money
Author Avatar

As online scams become more rampant within the country, scammers, too, are constantly updating their tactics to swindle unsuspecting victims. The most popular mode these days appears to the phishing scams by getting victims to install malicious apps from external sources.

In a bid to raise public awareness, an app developer recently shared a demonstration of how dangerous it can be to download unverified apps outside of official sources such as the Google Play Store, Apple App Store, and Huawei AppGallery.

Shared on his Facebook page, Tan Aik Keong – who is also the founder of Agmo Studio, an enterprise mobility solution provider in Malaysia – demonstrated how these phishing scams work, from the beginning and where users would fall victim. In his demonstration, these scams begin with an SMS from an unknown number, informing potential victims that they have won a prize. To claim the reward, the victim is asked to download a mobile app through a link provided within the message. As you may expect, the link is not from an official source, and instead will download an Android Package (APK) file.

If you do end up installing this app, it will prompt you for permission to send and view your SMSes. Tan explained that this is a major red flag as allowing the app to do so enables the scammers to access transaction authorisation codes (TACs) – which are usually sent to you via SMSes to validate sensitive transactions. 

Once you have provided permission, you will then be directed to a page that features the prize that you have allegedly won. But before you can claim it – there is a catch! You may be required to first purchase an item (for instance, you may need to purchase a phone to get the prize). 

If you terminate the process at this point, then you are technically still safe. But if you do proceed with the purchase of the item, you will be led to a bogus website that mimics an actual bank’s site. As shown in Tan’s video, clicking on the payment button leads to a fake Maybank website, which looks remarkably similar to the real Maybank website. 

Upon keying in your username and password, Tan said an error message will usually pop out. For instance, you may be informed that the server is busy. At that point, you may think that your login is unsuccessful due to Internet connection or server issues, but in reality, this is all part of the scheme to capture your login details in the backend system. 

Now that the scammers already have your login details, all that is left is for them to log in to your bank account (through the real bank’s website, of course), and proceed to perform transactions. It is also possible for them to obtain the TAC required to approve these transactions as you have authorised the app to read your SMSes. 

As shown by Tan, it is quite easy for online scammers to trick us these days if we are not careful enough. Maybank, as well as other banks and governing bodies, have issued alerts to warn Malaysians of phishing scams that operate similarly. We have also reported similar phishing tactics that lure victims to download apps from unverified sources.

If you ever receive any suspicious SMSes that sound too good to be true, it most likely is. Be sure to avoid clicking on links in these text messages, and you should also always avoid installing apps from unknown sources.

You can watch the full demonstration here:

(Source: Tan Aik Keong (Facebook))

5 1 vote
Article Rating


Comments (0)

Notify of

Inline Feedbacks
View all comments
Top Apps Articles
Post Image
Astro 4K Ultra HD Broadcast To Be Available For Subscription By The End of This Year
Brian Chung
- 14th August 2018
By the end of 2018, Astro customers will be able to watch football matches in Ultra HD. Read on to know more about the 4k Ultra HD service.
Post Image
Shopee Introduces SPayLater, Lets Users Buy Items Now And Pay Later
Alex Cheong Pui Yin
- 18th January 2021
Shopee has introduced a new payment feature that lets its Malaysian users purchase items and pay for them […]
Post Image
How To Pay TNB Bills With Boost, GrabPay, And Touch ‘n Go eWallet
Pang Tun Yau
- 13th February 2020
In recent months, e-wallets (and even Shopee and Lazada) began offering bill payment options, which means Malaysians can […]
Post Image
Touch ‘n Go eWallet Now Accepted At 7-Eleven Stores Nationwide
- 21st October 2019
Malaysians can now pay for their purchases at 7-Eleven outlets all across the country via the TNG e-wallet.

Related articles

Related Posts Image
Related Posts Image
Related Posts Image
Related Posts Image