Scam alert: Wedding invite scam making rounds on WhatsApp
A new method of scamming Malaysians have been making rounds on WhatsApp lately.
As reported by the News Straits Times, the ‘wedding invite’ scam was first alerted to the public after Muhammad Ali Abdul Razak reported about the scam on his Facebook post.
In his post, he warns how the scammers will send a seemingly harmless invite to a wedding, after which the scammer will request that the victim download a file which they claim is the ‘digital invitation card.’
In truth, the ‘digital invitation card’ is an APK (Android Package Kit) file containing spyware used to ‘hijack’ the victim’s phone. If users download the file, the spyware will steal the victim’s personal data, including sensitive banking information, as well as TACs (Transaction Authorisation Code) and OTPs (One Time Password) to make illegal transactions.
In the screenshot above, the victim receives the ‘wedding invite’ from a WhatsApp Business Account number. When the victim asks who he is (‘Boleh tahu siapa niii), the scammer cheekily responded that he will find out when the victim downloads the ‘digital invitation card.’
Referring to the screenshot, notice how the scammers and the victim has had no prior interaction, with the scammers even refusing to identify themselves.
If encountered with a similar situation, we encourage you to block the number and immediately delete the chat.
How can I avoid being scammed?
The rule of thumb is to never download anything from an untrusted source. If possible, never download anything sent via SMS or a chat messaging app (WhatsApp, Telegram, etc).
If you need to download an app, only do so on the Google Play Store (for Android users) or the Apple App Store (for iOS users).
Any message that seems too good to be true should be scrutinized heavily before you decide to download or open a file. An example of a too-good-to-be-true message might be “You have just won RMXX,XXX, click here to claim your prize!”
These are often false messaging used to bait victims into downloading malicious files.
What is an APK file?
Simply put, an APK file is a file format used by Android operating systems to distribute and install applications. A single APK file will contain the elements needed for an app to be installed successfully in your device.
APK files are inherently safe.
However, sleazy scammers can install malicious spyware into an APK file and trick users into downloading the file. Once downloaded, the scammer will have full access to your device and all the personal data stored in it.
I think I’ve been scammed, what should I do?
If you are experiencing any suspicious activity, such as unauthorized transactions, take action immediately. The first thing a scammer will go for is your money, so cancel your credit or debit card before it gets compromised.
Maybank users have a ‘Kill Switch’ feature on the MAE app which will instantly deactivate your debit and credit cards. More banks are starting to follow suit, so check and see if your bank already has that feature in place.
Alternatively, call the bank as fast as you can to cancel your cards.
Once that’s done, contact the Commercial Crime Investigation Department (CCID) Scam Response Centre at 03-2610 1559 and 03-2610 1599 for advice.
You can also WhatsApp the CCID Infoline at 013-211 1222.
Read more of our related articles below.