Crimewatch 2022 EP8 | Cybercrime intercepted in the nick of time
Martin, lunch? I'm just clearing a few invoices first. -I will join you later. -Sure. How did we get hacked? And now all our files are locked! I can't access any of our customer payment details. Yes, this is what happens during a ransomware attack.
So, do we pay the ransom? No. As Head of IT, I instituted a company policy that we don't respond to ransomware threats. But...Then the hackers won't unlock our files. Martin, even if we pay the ransom, this does not guarantee that they will unlock our files. There have been several reports of ransomware cases where the hackers asked for even more money after the ransom has been paid.
Okay, then how are we going to get our files back? I will get my IT guys to try some decrypters, see if we can unlock the files. Okay, sounds good. But we may not be able to recover all the files. Some data may be lost, like our customer payment details. Moving forward, what we should do is to improve our cyber security. We have to run more regular updates on our anti-virus software and firewalls.
Try to stay one step ahead of the hackers. I will let our CEO know about this. And we should make a police report about this ransomware attack. Madam.
We had another case referred over from Bedok Police Division today. I believe we now have a series of misuse of credit card cases related to purchases from the online merchant platform, Singa Supermart. Unauthorised transactions amounting to more than $20,000.
Run me through the details of the case. One of the victims, Ananya Bhatt, discovered several Singa Supermart transactions on her bank statement at the end of the month. But she doesn't have a Singa Supermart account nor has she ordered anything from Singa Supermart. She called her bank to clarify that she didn't make any of the purchases stated. The bank confirmed that the Singa Supermart transactions took place, but they helped the victim reverse the charges.
They also cancelled the victim's credit card and advised her to make a police report as soon as possible. So all the victims, like Ananya Bhatt, didn't have Singa Supermart accounts? Yes. -Any other patterns? -So far, no.
Preliminary investigation shows that the credit cards used are from various credit card companies, several banks, and the victims are a mix of locals and foreigners. Ananya Bhatt reported seven unauthorised transactions amounting to about $1,800 on her credit card from Singa Supermart. I will go get more information from Singa Supermart. Rahman, Winston, you guys keep analysing the reports.
Okay. As I told the police officer, there have been quite a few of these suspicious transactions lately. Mr Seah, when did these suspicious transactions first start? About two months ago.
Can you tell us a bit more about them? In each instance, we got a call from a bank regarding purchases made at our supermarket using their customer's credit card. The bank then requested us to cancel the transactions because the customer did not make them. Then what happened? Then we carried out our own investigation and found out that the credit card owner was not the same person as the registered Singa Supermart account owner. And when we tried to contact the registered account owner using the phone number provided, it did not work and there was no response from the email address.
Isn't that a red flag? When the credit card holder's name doesn't match the Singa Supermart account holder's name? No. Sometimes, a customer will make purchases for a friend, using the account. What details do you require from a customer in order to create an account? A phone number, an email address and a physical address. You don't need payment details when a customer first signs up? No. Only when the customer makes a purchase. I see. And what about the deliveries?
Were they all delivered to the same address? No. Okay. We'll need to speak to everyone involved in the deliveries. Okay. I will get you their names and contacts.
Thank you, Mr Seah. We'll also need all the details of the suspicious transactions. Sure. It will take me a while to compile it, but I will forward it to you as soon as I can. All the delivery persons said that when they reached the delivery address given, they could find the block but not the unit number.
So they would call the customer, who would then arrange to meet them at the void deck of the block. So we don't have a physical address to track him down to. He's cunning. Could the delivery persons give a physical description of the person who collected the items? All the delivery persons said the same thing. The person who collected the items was a Chinese male of average built and height. That's it. No other physical description
because he was always wearing a surgical mask. So we can't even be sure if it's the same suspect in all the cases or whether there were others. Identification will be challenging. So we must catch the suspect in the act. Winston, what about the email addresses and phone numbers that the suspect used to open the Singa Supermart accounts? Multiple phone numbers were used but they were all pre-paid and belonged to foreigners who have since left the country.
As for the email addresses, we can't trace them. We believe the suspect is using a VPN to mask his online activities. We found a pattern after trawling through the combined data from Singa Supermart and the police reports filed. All the deliveries were made to a defined area, between block 350 to 370 of Bukit Batok North.
That narrows down the possible location of the suspect. I also realised that the purchases consisted mainly of milk powder and health products. Over 200 tins of milk powder were bought in the last two months.
Surely one family cannot consume so much milk powder. That's a good point. So he may not be buying them for his own consumption. He must be re-selling them somehow. Rahman, check online marketplaces like Buy Now Sell Now.
See if there's been anyone in the last two months who have been selling a lot of milk products. Winston, let Mr Seah know to be on the look-out for any purchases involving milk products with a delivery address between block 350 to 370 of Bukit Batok North, and where the credit card holder's name doesn't match the account holder's name. Yes, madam.
Madam... It's Mr Seah from Singa Supermart. They just logged a suspicious transaction.
It ticks off all the boxes. Hi, Mr Seah. This is SIO Ann. I understand you have a suspicious transaction? Yes...Delivery order #525162.
It's for six tins of milk powder, to block 354 Bukit Batok North. The delivery is scheduled for this afternoon. But we can cancel it immediately if you want. Who is the delivery to? Mr Dominic Thio. And what is the credit card holder's name? Hyder Azman.
We want to ambush the suspect, Mr Seah. But we're going to need your help. You have our full cooperation.
We are investigating a series of misuse of credit card cases linked to Singa Supermart. The victims discover fraudulent transactions on their credit cards from Singa Supermart, and all the deliveries have been to different blocks in the Bukit Batok North area, from block 350 to 370. Singa Supermart just alerted us to another suspicious transaction. We've checked with the credit card holder, Hyder Azman, who has confirmed that he did not purchase anything from Singa Supermart today. We are planning to ambush the suspect.
The suspect's modus operandi is that he will give a unit number that does not exist. The delivery person will then have to call him for instructions, at which point the suspect requests to collect the items at the void deck of the block. We will wait for the Singa Supermart delivery person to complete the delivery. We will then ambush the suspect after he has collected the items and the Singa Supermart delivery person is a safe distance away. Now, everyone, please be on the alert.
The void deck is an open area with multiple exit points, and we have no idea where the suspect will approach from. We also have no visuals of the suspect other than he is a Chinese male of average height and build, as he always wears a surgical mask. The delivery is scheduled for 4.30pm today.
We have two hours to prepare. Let's go. It's almost 4.30pm. Call the suspect. -Hello? -Hello, is this Mr Dominic Thio? I am from Singa Supermart. I cannot find your unit. Where is it?
Actually, it's not very convenient to deliver it to my house now because my daughter is having tuition. Where are you? Maybe I can collect it from you at the void deck? I will meet you at the lift lobby? Okay, sir. But how do I know it's you? I will be wearing a surgical mask. So just look out for a guy wearing a mask, okay? Okay. Suspect is on the move. Meeting point is the lift lobby at block 354.
All teams be on the alert, look out for a man wearing a surgical mask. Our delivery guy is headed to the rendezvous point now. Suspect sighted, he's wearing a surgical mask and a green hoodie, over. Mr Dominic Thio.
Thank you. Police! Police! I'm Senior Investigation Officer Ann Goh from the Technology Crime Investigation Branch. You are under arrest for cheating. Cuff him. What is your name? Is this yours? According to your IC, your name is John Foo Chi Yang.
Is that correct? Yes. When we arrested you, your mobile phone was open to the Singa Supermart app. It was on delivery number #525162. Did you make that order? Did you make that order? Suspect is uncooperative.
But his place of residence is nearby. Let's go. Are all of those yours? Mr Foo, on your computer, we found a Notepad document with stolen credit card details. I didn't steal the cards! We also found that your browser had several Singa Supermart accounts open. These accounts are linked to recent misuse of credit card cases where stolen credit card details were used to make purchases.
All of these fraudulent transactions can now be traced back to you. We also found a Dark Web browser on your computer. And our tech forensics have managed to recover your chat logs online. They indicated that you were attempting to buy illegal data from 747 Alvin. Who is 747 Alvin? Some foreigner.
Trades in stolen credit card details. We met online. He told me where his latest batch was uploaded to.
So you knew that the credit card details from 747 Alvin were obtained through illegal means? Yes. Phishing. Malware.
Ransomware. But I didn't steal the cards. Have you bought stolen credit card details from 747 Alvin previously? How much did you pay for it? USD$150. I also bought prepaid sim cards which were illegally obtained for my purchases on Singa Supermart. Were you working alone? Yes.
In the case you have just seen, more than $20,000 in unauthorised transactions were made using the stolen credit card details of innocent victims. Thanks to the analysis and investigations conducted by the Technology Crime Investigation Branch in close coordination with officers from Bedok Police Division, the suspect was located and arrested. Under the Computer Misuse Act, or CMA, it is an offence to obtain or deal in personal information obtained illegally from a computer for illegitimate purposes.
Examples of personal information include credit card details or other information that can identify an individual. It is also an offence to obtain and deal in items which may be used to commit a CMA offence. Such items include hacking tools that are used for committing the offence. Here's more on how you can safeguard yourself from cybercrimes such as ransomware.
Ransomware is a type of malware designed to encrypt files on a device until a ransom is paid to decrypt the files. If victims do not pay, they are unable to access their databases. Customer data and sensitive information could also be sold for criminal purposes. Ransomware has become more widespread globally. Cybercriminals have become bolder and are now targeting larger organisations and even essential services such as healthcare.
Likewise, Singapore has seen a rise in ransomware cases. There were 137 ransomware cases in 2021, a jump from 89 cases in 2020. So, what should you do if you have fallen prey to ransomware? We do not recommend that you pay the ransom, since there is no guarantee that your data will be decrypted. It may also encourage the cybercriminal to continue targeting more victims.
Follow these three good cyber-hygiene tips to avoid becoming a victim of ransomware. Firstly, update your devices regularly and install an anti-virus that can detect and remove malware. Secondly, avoid clicking on pop-up ads or opening attachments from unknown senders. Lastly, back up your data regularly in a separate offline system so that you can restore your data in the event of a ransomware attack. If you encounter cyber threats, visit CSA's website for more information. Cybersecurity toolkits for organisations are also available for free.
In the first half of 2022 alone, a total of $346.5 million was lost to scams. 14,349 scam cases have been reported in 2022 thus far, almost double the number of cases in 2021. So it's more important than ever to protect yourself from scam calls and SMSes. There's no better way to do that than with the ScamShield app.
Download the ScamShield app to filter scam messages and calls to your phone so you don't have to waste time dealing with them. The app does not collect or store any personal data. Curious about how it works? By identifying key words using artificial intelligence, ScamShield protects you by detecting scam messages and blocking scam calls. Blacklisted phone numbers used by scammers will also be blocked by the app.
ScamShield gives you a quick and easy way to report scam calls and SMSes. In addition, ScamShield will also alert you about the latest scams, so you'll always be up to date. Don't wait. Download ScamShield now to protect yourself from scams.
We have come to the end of this episode of "Crimewatch". I'm DSP James Goh. Until next time, do your part to prevent, deter and detect crimes. Captions: Gayle Mak, Mediacorp Pte Ltd