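◆ Police explain the fraud syndicate's modus operandi. File photo
◆ Hong Kong police, together with the Singaporean and Malaysian police, launched an operation code-named "DISTANTHILL". File photo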

[Original] Excerpted from Hong Kong's Wen Wei Po, June 15:

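A fraud syndicate set up fake online shopping pages on social media platforms to promote food, travel and chartered-car offers, luring victims into downloading unofficial malicious mobile apps implanted with Trojan horse programs. The apps covertly seize control of the victim's phone, giving the syndicate the victim's complete online banking details, including security passwords, and the victim's bank deposits are then stolen without leaving a trace.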

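In Southeast Asia, more than 4,000 people fell into the syndicate's trap; victims in Singapore and Hong Kong together account for nearly half, with losses exceeding HK$200 million. Hong Kong police found that some of the Trojan horse programs sent by the scammers used servers rented in Hong Kong, and earlier launched an operation code-named "DISTANTHILL" jointly with the Singaporean and Malaysian police. A total of 156 people were arrested across the three places, including two core members of the fraud syndicate arrested in Malaysia.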

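Announcing details of the case a few days ago, Hong Kong police said that in mid-2023 the Hong Kong and Singapore police discovered a criminal syndicate committing fraud through online shopping. The syndicate set up fake shop pages on various social media platforms, such as Facebook or Instagram, claiming to sell various goods or provide services, including food, travel and chartered-car services. When a member of the public contacted the fake shop owner to make an online purchase, the scammer would ask them to continue the conversation on WhatsApp. In the WhatsApp conversation, the scammer would pose as customer service and send an unofficial file or hyperlink, luring the victim into downloading and installing an app to make the purchase.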

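The app in fact had a Trojan horse program installed. The scammer would ask the user to grant the malicious app all permissions, so that the scammer could remotely monitor the phone. The scammer would also lure the user into entering online banking login details in the app, claiming they were needed to pay shipping or other miscellaneous fees.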

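Meanwhile, through real-time remote monitoring, the scammer would obtain the victim's full set of login details, and then install an app disguised as a map app to intercept the victim's one-time password SMS messages.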

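Because the fake program looks so much like the genuine map app, victims often cannot tell the two apart and do not remove the fake map app. Once the scammer has stolen the victim's banking details and transferred away the victim's deposits, the malicious programs are uninstalled to destroy the evidence, and the victim notices nothing throughout.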

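The investigation found more than 4,000 victims in Southeast Asia. Of these, Singapore police recorded 1,899 related scam cases in 2023, with cumulative losses exceeding HK$197 million. Hong Kong had 41 similar cases between September 2023 and April 2024, with victims losing $12 million; in one case, an 88-year-old man, tempted by discounts on a shopping site, downloaded the malicious program after communicating with the other party and had $6 million transferred out of his account.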

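The Trojan horse programs used by the syndicate were purchased on the "dark web" and were mainly hosted on servers in Hong Kong and Malaysia. In-depth investigation by police in the three places found that 50 Trojan horse servers had been rented by two Malaysian men. Malaysian police arrested the two core members of the syndicate, Singapore police have arrested 140 people since 2023, and Hong Kong police arrested 10 men and 4 women (aged 19 to 61), mainly holders of stooge accounts. They are suspected of using 31 accounts to launder $34.5 million in crime proceeds between February 2023 and April this year.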

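Hong Kong police have carried out digital forensic examination of the servers controlling the Trojan horse programs, and have asked the relevant social media platforms to remove the fake pages involved.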

Scammers Use Fake Apps to Steal Deposit through Smart Phone

[Translation] A fraud syndicate has set up fake online shopping pages on social media platforms to promote special offers on food, travel and chartered cars, inducing victims to download unofficial malicious cell phone apps implanted with Trojan horse programs. The apps let the syndicate secretly seize control of victims' cell phones and get hold of all their online banking information, including their security passwords, which is then used to steal the victims' deposits without leaving any traces. More than 4,000 people in Southeast Asia have fallen into the syndicate's trap, with victims in Singapore and Hong Kong accounting for nearly half and losses exceeding HK$200 million. The Hong Kong police found that some of the Trojan horse programs sent by the fraudsters used servers rented in Hong Kong, so they earlier launched an operation code-named "Operation DISTANTHILL" together with the Singaporean and Malaysian police and arrested a total of 156 people in the three places, including two core members of the fraud syndicate in Malaysia.

The Hong Kong Police recently announced that in mid-2023, the Hong Kong Police and the Singapore Police discovered that a criminal syndicate was using online shopping to commit fraud. The syndicate set up fake store pages on social media platforms, such as Facebook or Instagram, claiming to sell various goods or provide services, including food, travel, chartered car services, etc. When a member of the public contacts the fake store owner to make an online purchase, the scammer will ask the member of the public to continue the conversation on WhatsApp. During the WhatsApp conversation, the scammer will pretend to be a "customer service agent" and send out an unofficial file or hyperlink to entice the victim to download and install the app to make an online purchase.

A Trojan horse program is installed in the app, and the scammer will ask the user to grant the malicious app all permissions so that the scammer can remotely monitor the user's cell phone. The fraudster will then trick the user into entering their online banking login details into the app, claiming that it is for payment of shipping or other miscellaneous fees. In the meantime, the fraudster will obtain the victim's complete set of login information through real-time remote monitoring, then install an app that pretends to be a map app to intercept the victim's one-time password SMS.

As the fake program is too similar to the actual map program, the victim often fails to recognize the difference between the two and fails to remove the phoney map app. The fraudster steals the victim's bank details, transfers the victim's bank deposits, and then uninstalls the malicious programs to destroy the evidence; the victim remains unaware of the fraudster's actions throughout.

The investigation into the scam revealed a shocking number of victims in Southeast Asia, exceeding 4,000. In Singapore alone, the police recorded a staggering 1,899 fraud cases in 2023, resulting in a cumulative loss of over HK$197 million. Hong Kong also saw its share of victims, with 41 similar cases reported from September 2023 to April 2024, leading to a loss of $12 million. These numbers are not just statistics; they represent real people, like an 88-year-old man who lost $6 million after falling for the scam while trying to get a discount on a shopping website.

The Trojan horse program used by the fraud syndicate was purchased on the "dark web" and was mainly hosted on servers in Hong Kong and Malaysia. After in-depth investigations by the police in the three places, it was found that the renters of 50 Trojan horse program servers were two Malaysian men. The Malaysian police arrested two key members of the crime syndicate, the Singaporean police have arrested 140 people from 2023 to the present, and the Hong Kong police arrested ten males and four females (aged between 19 and 61), who were mainly puppet account holders. They are suspected of using 31 accounts to launder $34.5 million in criminal proceeds from February 2023 to April this year.

The Hong Kong Police have conducted digital forensics on the server controlling the Trojan horse program and have requested the relevant social media platforms to remove the fake pages involved in the case.◆ 琬琰