Woman who scanned QR code with malware lost $20k to bubble tea survey scam while she was sleeping

SINGAPORE – She visited a bubble tea shop and saw a sticker pasted on its glass door, encouraging customers to do an online survey to get a free cup of milk tea.

Enticed by what seemed like a good deal, the 60-year-old scanned the QR code on the sticker and downloaded a third-party app onto her Android phone to complete the “survey”.

That night, as she was sleeping, her mobile phone suddenly lit up.

Thanks to the app she had downloaded, scammers used it to take over her device and moved $20,000 from her bank account.

Worryingly, she is not the only victim of such malware scams.

In April, the police and the Cyber Security Agency of Singapore warned the public about downloading apps from dubious sites that can lead to malware being installed onto victims’ mobile phones.

They said such malware has resulted in confidential and sensitive data, including banking credentials, being stolen.

That month, the police also alerted the public to the resurgence of phishing scams involving malware installed on victims’ Android phones. The police had said that since March, there have been at least 113 victims who lost at least $445,000.

The case of the bubble tea survey scam was related to The Sunday Times by Mr Beaver Chua, head of anti-fraud at OCBC Bank’s group financial crime compliance department, last week.

He said: “While malware scams are not particularly new, scammers are getting increasingly innovative.

“Besides website pop-up banners, which are most common, pasting bogus QR codes outside F&B establishments is another cunning way to hook victims as consumers may not be able to differentiate between legitimate and malicious QR codes.”