上海阿婆的「鏡子詐騙」：一場精心設計的遠端人臉識別詐騙

近日，上海一位獨居的阿婆在家中遭遇離奇的詐騙事件——她只是像往常照了照鏡子，手機裡的四百萬養老金竟在幾分鐘內遭遇轉帳狂潮。幸好銀行風控系統及時攔下三百八十萬，但仍有二十萬不翼而飛。警方介入調查後發現，她的手機早在事發前就已被悄悄植入四款涉詐軟體。詐騙集團透過這些惡意程式，繞過銀行的人臉識別系統，無聲無息地操控她的帳戶。

事情的開端，是一通看似平常的「快遞客服」來電。幾天前，阿婆接到一位自稱快遞公司的客服來電，對方不僅準確說出她的姓名和訂單資訊，還聲稱包裹遺失，需要「配合退款流程」。在對方指引下，阿婆點開簡訊中的連結，下載名為「快遞理賠」的應用程式。殊不知，這正是詐騙陷阱的入口。

這款App其實是遠端控制軟體，詐騙集團透過它全面接管阿婆手機的權限，包括攝影機、麥克風、簡訊內容，甚至能進行實時的螢幕操作。更可怕的是，詐騙集團並未立刻行動，而是在阿婆不知情的狀況下，進一步安裝三款功能更隱蔽的惡意工具：螢幕共享程式、簡訊攔截木馬，以及偽造人臉識別的模組。

這些工具的作用環環相扣。螢幕共享讓詐騙分子可即時觀察阿婆的手機畫面；簡訊攔截木馬則能自動屏蔽來自銀行的驗證碼，並將其轉發至詐騙者手中；而最關鍵的偽人臉模組，則在進行身份驗證時，悄悄以事先錄製的影片替代實時影像。

幾天後，詐騙集團終於發動攻勢。當日，阿婆站在鏡子前整理頭髮時，手機突然跳出提示：「銀行系統升級，需重新進行人臉驗證。」阿婆依指示對著鏡頭眨眼、轉頭，以為是在配合銀行操作，實則已落入圈套。這個所謂的「驗證」界面，其實是詐騙分子預設好的轉帳介面，他們利用阿婆即時提供的人臉資料，通過銀行的識別系統。

由於手機早已被完全掌控，詐騙者得以跳過簡訊驗證步驟，直接登入網銀系統並進行轉帳操作。短時間內，帳戶中的資金被分批轉出，單筆金額最高達五十萬。雖然銀行風控系統察覺異常，及時凍結部分交易，但仍有二十萬遭轉出，且被迅速拆分至多個帳戶，再經由虛擬貨幣洗錢，難以追查。

這類詐騙模式的核心，在於結合社交工程學、遠端操控技術以及對人臉識別機制的劫持。他們不僅透過非法管道取得受害者的快遞與購物資料，增加話術的真實性，更設計惡意程式誘導下載，將手機變成任人宰割的「傀儡」。當人臉數據被竊取後，便可如入無人之境般完成整個詐騙流程。

在這起案件中，最諷刺的是：一個日常如洗臉、照鏡子的小動作，竟成詐騙分子觸發攻擊的「暗號」。而這也反映當今社會的一個危機：科技愈是便利，風險便愈加潛藏。尤其對於防範意識相對薄弱的長者而言，這樣的陷阱防不勝防。

面對日益高明的詐騙手法，民眾應提高警覺，避免安裝來路不明的應用程式，尤其是透過簡訊或電話引導的「客服軟體」。建議關閉手機的「無障礙模式」，這是許多惡意程式常要求啟用的操控通道。同時，對突如其來的人臉驗證提示保持警覺，應先與官方核實，而非盲目操作。定期檢查手機內的應用清單，刪除不明來源或長期未使用的軟體，也是保護自己的重要一步。

這起詐騙案不僅揭露人臉識別背後的風險，也為所有人敲響警鐘：在數位時代，資訊安全不再是冰冷的技術問題，而是與我們每一個人的財產、尊嚴，甚至生活習慣息息相關。對長者來說，除自我警覺外，家人的主動協助與陪伴更是不可或缺。唯有建立起一層又一層的防線，才能避免更多無辜的人成為下一個受害者。

Shanghai Granny’s “Mirror Scam”: A Sophisticated Remote Facial Recognition Fraud

Recently in Shanghai, an elderly woman living alone fell victim to a bizarre and highly calculated scam. All she did was look into her mirror, as she usually would, and within minutes, her mobile phone was used to initiate a flurry of bank transfers—putting her 4 million yuan retirement fund at risk. Fortunately, the bank's risk control system managed to intercept 3.8 million yuan in time, but 200,000 yuan still vanished without a trace.

A police investigation later revealed that the victim’s phone had already been secretly infected with four fraud-related apps before the incident occurred. The scammers used these malicious programs to bypass the bank’s facial recognition system and silently gained full control over her account.

The incident began with what seemed to be an ordinary phone call from a “courier service representative.” A few days prior, the elderly woman received a call from someone claiming to be from a delivery company. The caller accurately stated her name and recent order details, and claimed that her package had been lost and a refund process needed to be initiated. Guided by the caller, she clicked a link sent via SMS and downloaded an app called “Delivery Compensation.”

Unbeknownst to her, the app was actually a remote control tool. Through it, the scam ring gained access to her phone’s functions—camera, microphone, SMS messages, and even real-time screen control. More disturbingly, the scammers didn’t act immediately. Instead, they used the app to secretly install three additional covert tools: a screen-sharing program, an SMS interception trojan, and a fake facial recognition module.

These tools worked in unison. The screen-sharing program allowed the scammers to watch her phone activity in real time. The SMS interceptor automatically blocked and forwarded bank verification codes. The most critical of the three—the fake facial recognition module—replaced live facial video during authentication with a pre-recorded video of the scammer.

Several days later, the fraudsters launched their attack. On that day, the elderly woman stood in front of her mirror, tidying her hair, when her phone suddenly displayed a prompt: “Bank system upgrade, identity verification required.” Believing it to be a legitimate request from her bank, she followed the on-screen instructions—blinking and turning her head toward the camera. In reality, she had just triggered the trap.

That “verification” screen was in fact a fake interface built by the scammers to mask a bank transfer process. Using the facial data captured live, they passed the bank’s facial recognition and logged into her account. Since her phone was fully controlled remotely, they were able to bypass SMS verification and directly access her online banking.

Within a short time, large sums were transferred out in batches—the highest single transaction reaching 500,000 yuan. Although the bank’s security system detected suspicious activity and froze part of the transactions, 200,000 yuan had already been successfully withdrawn. That amount was quickly split across multiple accounts and laundered via cryptocurrency, making it extremely difficult to trace.

The core of this fraud model lies in a combination of social engineering, remote control technology, and the hijacking of facial recognition mechanisms. The fraudsters obtained victims’ delivery and shopping records through black market data channels, enhancing the credibility of their approach. They then lured victims into downloading malicious software that turned their phones into “puppet devices.” Once facial data was harvested, the scammers could complete the entire fraud process undetected.

What’s most ironic about this case is that a simple everyday action—like looking into a mirror—became the trigger for a meticulously timed cyberattack. It highlights a growing risk in modern society: the more convenient technology becomes, the more hidden dangers it may pose. Elderly individuals, often with weaker digital security awareness, are especially vulnerable to such traps.

As fraud tactics grow more sophisticated, the public must raise their guard. Never install unknown apps, especially those recommended via SMS or phone calls claiming to be “customer service.” It’s highly advisable to disable the “Accessibility Mode” on mobile devices, as this is frequently exploited by malicious apps to take control. Be especially cautious of sudden facial recognition requests; always verify directly with your bank before taking any action. Regularly check and clean up your installed apps, deleting those of unclear origin or that haven’t been used in a long time.

This case is not only a warning about the hidden dangers behind facial recognition technology—it’s a wake-up call for everyone. In the digital age, information security is no longer just a technical issue; it’s something deeply connected to our finances, dignity, and daily habits. For elderly users, self-awareness is important, but even more critical is the proactive support and involvement of family members. Only by building multiple layers of defense can we prevent more innocent people from becoming the next victims.