2022-12-14 | Awas Modus

Beware of Package Courier Scams Sending APK Files!

The digital world has been hit by new fraud MO that involves a courier sending a photo of a package in an APK file. This ruse has been the talk of the town and you should be careful of it.

It runs by fraud perpetrators who pose as a courier of an expedition service company. Now that people are becoming more aware of this new MO, the fraudsters will use another way to scam people.

The chronology is as follows.

The fraud perpetrator sends a message on WhatsApp or email by notifying the victim that there is a package sent to their address, and attaching a photo under the name of ‘package’ for the victim to check. In fact, the attached file is a malicious APK file, which is very dangerous to open and install on your device.

This APK file is available for the Android OS. If installed, it will insert malware to harvest the victim’s personal information. So, Android users should be aware of this fraud.

To find out how much danger it poses, this article will explain it in detail so that you are careful and do not become a victim of fraud.

The Danger of APK Files

The file you clicked is not a photo, but an APK file that needs to be installed on your device. Then, you will be asked to give permission to allow the app to take photos and record videos, access your SMS, and can send SMS from your mobile phone.

Once installed, it only takes 45-60 minutes for the fraudster to empty all of your data, including m-banking data stored on your phone. It means that the fraud perpetrator will automatically gain access to your m-banking account. Even worse, they can remotely control your phone so they can do whatever they want.

Fraud usingAPK files is arguably a very dangerous scam. When you have clicked and installed the APK file, then all your data will be harvested and known by the fraudster. In fact, they can also know whatever you type, Simply put, the perpetrator will also know all the PINs, passwords, or OTP codes of your banking account..

By knowing the dangers posed by this APK file scam, you should never click on APK files carelessly which can compromise the confidentiality of your data including your m-banking account.

Enable Play Protect

Please remember to not carelessly install applications from unknown sources, such as package courier scam or other scams.

As we know, APK file can potentially drain all of your data, including m-banking data.

The steps you can take to anticipate the APK file scam are to activate play protect on the Play Store. They are as follows:

  • Go to Google Play Store, then click the Profile Icon
  • Select the Play Protect menu, then click the “Turn On” button to activate
  • Click the Setting icon, if all settings are on, it means the Play Protect is active
  • If you install a malicious application, a “Blocked by Play Protect”notification will appear

How to Block Unofficial App

To anticipate the fraud mentioned above, you can block the installations of programs that come from other than the Play Store. The method is quite easy. 

First, open the “Settings” on your phone, then search for “Install unknown apps”. Once found, just block/not allowed everything. Later, the display you will find will appear like this:

For Xiaomi/Redmi users, you can use the following steps:

  • Click “Settings” 
  • Then search for “Privacy Protections”
  • Select “Special Permissions”
  • Then search for “Install Unknown Apps”, then toggle the off button for all. 

For Samsung users, you can follow these steps:

  • Select “Settings”
  • Then search for “Application”
  • Click the three dots on the top right, then select “Special Access”
  • Search for “Install Unknown Apps”, then toggle the off button for all.

Make sure there no suspicious active applications on your mobile phone because it can be fatal to the data in it.

Learn about the Data Permission You Give to Apps

To increase the security of your data, you can start looking at what permissions you give to the applications that you install on your mobile device. 

Don't grant permissions to an app if you think it shouldn't need access to your data. Malicious APKs from scammers will ask for permissions such as camera access, GPS location, image data, reading SMS, sending SMS and many other permissions. Naturally, a legitimate app will only ask for permissions according to the app's intended function.

File a Report to Bank BCA

If you are a victim of this fraud, immediately report it to BCA. The Bank BCA will always be there to solve your problems.

You can directly contact the BCA official number:

✅ Halo BCA phone number at 1500888 (without any prefix)

✅ Bank BCA’s WhatsApp 08111500998 (green badge)

✅ Check the official BCA social media accounts at www.bca.co.id/socialmedia

Apart from that, you can also contact via the haloBCA, which can be downloaded from Play Store or App Store. 

Stay alert to all fraud and always check www.bca.co.id/awasmodus to keep yourself up-to-date with the fraud and how to anticipate them.