Rightways Technologies: Cleaning service scam using APK file as part-time maids are just a decoy

Wednesday 27 April 2022

Cleaning service scam using APK file as part-time maids are just a decoy

PETALING JAYA: Besides unscrupulous local maid agencies, there are scammers offering part-time maids or “professional cleaning services”.

The Star found a few webpages offering “discounts on cleaning services” and upon contacting the service providers, a link was sent to customers with the request to install an Android package file (APK), a file format used by the Android operating system for the distribution and installation of mobile apps.

Installing the APK allows the syndicate to gain access to certain applications on the customer’s cellphone, including SMS.

This enables the scammers to obtain Transaction Authorisation Code (TAC) and other information when users pay for bookings via the app, to siphon money from the victims’ bank accounts.

One victim, Muhammad Nor Izzudin Hamzah, 32, told The Star that he lost nearly RM19,000 on April 23.

“I saw an advertisement on Facebook. My mistake was installing the APK and their app. I didn’t know my username and password were stolen when I made a booking.“The scammer’s site looked exactly like the website of the bank that I used. The APK and app that I installed had malware that enabled them to access my TAC messages.

“I only realised what had happened when I received a notification from my bank,” said the insurance agent.

Meanwhile, Smith Ang, 37, said he almost lost about RM5,000 to a syndicate using a different app late last year.

“This problem is actually quite rampant; some of my colleagues also got scammed through the maid service application as everyone is looking for part-time maids because there is a shortage of full-time helpers.

“When you click on the scammers’ advertisement, you will be directed to the perpetrators who will ask for your place of residence.

“They will send you a price list quoting RM40 for four hours and you are offered a discount. Then you are directed to use an app sent via Whatsapp,” said Ang.

“After choosing the service, you are given a choice of credit card or FPX as payment mode. But you find that the credit card option does not work.

“So you click on the FPX, select your bank and you will be ‘redirected’ to the bank’s ‘website’. It looks like the real thing but when you key in your username and password it will show ‘account information incorrect’ no matter which bank you choose,” he said.

Ang then received a text message saying that he had made a transfer to one “Nooralif Safwa”, but his quick reaction prevented losses.

“When they requested the OTP, I called the bank immediately before they transferred my money,” he said, referring to the one-time password.

Source link.