You may or may not be aware of a current Flubot scam involving text messages about missed calls or deliveries, with a link to click for further information.
When the link is followed, the user is prompted to download an app which installs malware on the user’s phone. This malware may replicate your internet banking login page in order to collect login details, which can then be used to commit fraud on your accounts.
Please read the information below from Scamwatch detailing what the scam entails and what to do if the software has been downloaded:
Since August 2021, many Australians have been receiving scam text messages about missed calls, voicemails or deliveries.
Scamwatch have received over 12,000 reports of these scams. These scams have also already been a problem internationally.
The text messages ask you to tap on a link to download an app to track or organise a time for a delivery, or hear a voicemail message. However, the message is fake, there is no delivery or voicemail, and the app is actually malicious software called Flubot.
Android phones and iPhones can both receive texts from the Flubot.
If you receive one of these messages, do not click or tap on the link. Delete the message immediately.
What the scam messages look like
Flubot text messages change regularly
Flubot scammers are regularly updating the text messages they send out to try and infect your device with Flubot. Recently, we’ve received reports of messages relating to Zoom invites, Google verifications and ‘thank you’ messages from clinics, as well as the major categories set out below.
Flubot text messages include a link which almost always contains a series of 5-9 random letters and numbers at the end of the link.
As a general rule, if you receive a text message that contains a link, do not click on the link.
Delivery notifications
Starting in September 2021, many Flubot messages now talk about a delivery. They usually refer to DHL and always ask you to take some form of action in relation to the ‘delivery’. There are also reports referring to Amazon deliveries. Unlike earlier Flubot messages (which are also still circulating), the new text messages may not contain spelling mistakes, so they can be harder to spot. However, they do contain a website link followed by 6-8 random letters and numbers.
Voicemail and missed call notifications
Missed call and voicemail messages started circulating in Australia in August 2021. They often begin with 5-6 random lowercase letters or numbers, then say you had a missed call or voicemail message.
The text message often includes several misspellings. After saying you have a missed call, voicemail or message, the messages include a link. The message may also say the voicemail message will be automatically deleted if you don’t access it.
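The traits described above (a link ending in a short run of random characters, a delivery or voicemail lure, a random prefix at the start of the text) can be checked mechanically, for example when sorting messages that customers report. The Python below is an added example, not code from Scamwatch or Summerland; the keyword lists, the test for "random" characters and the sample messages are constructed assumptions.

```python
import re

# Heuristic triage only. Keyword lists and the "random" test are assumptions
# made for this example; they will miss some messages and flag some benign ones.
URL_RE = re.compile(r"https?://\S+", re.I)
TAIL_RE = re.compile(r"[?=/]([A-Za-z0-9]{5,9})$")   # 5-9 characters ending the link
PREFIX_RE = re.compile(r"^([a-z0-9]{5,6})\s")       # 5-6 characters opening the text
LURES = {
    "delivery": ("delivery", "parcel", "package", "dhl", "amazon"),
    "voicemail": ("voicemail", "voice mail", "missed call"),
}

def looks_random(token):
    """Treat a token as random if it mixes letters and digits or has no vowel."""
    has_digit = any(c.isdigit() for c in token)
    has_alpha = any(c.isalpha() for c in token)
    has_vowel = any(c in "aeiou" for c in token.lower())
    return (has_digit and has_alpha) or not has_vowel

def score_sms(text):
    """Return (score, reasons): one point per trait found in the message body."""
    reasons = []
    urls = [u.rstrip(".,)") for u in URL_RE.findall(text)]
    if urls:
        reasons.append("contains a link")
    tails = [TAIL_RE.search(u) for u in urls]
    if any(t and looks_random(t.group(1)) for t in tails):
        reasons.append("link ends in 5-9 random characters")
    for lure, words in LURES.items():
        if any(w in text.lower() for w in words):
            reasons.append(lure + " lure")
    m = PREFIX_RE.match(text)
    if m and looks_random(m.group(1)):
        reasons.append("starts with 5-6 random characters")
    return len(reasons), reasons

# Constructed sample messages (not real scam texts); example.invalid never resolves.
SAMPLES = [
    "f3k9a You have 1 new voicemail. It will be deleted: http://example.invalid/v/?q7x2k9d",
    "DHL: Your parcel is arriving, track here https://example.invalid/dhl/?8sdk3lq2",
    "Lunch at 12 tomorrow? Details at https://example.invalid/lunch",
    "See you at the gym at 6",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        score, reasons = score_sms(sms)
        print(score, reasons, "|", sms)
```

A higher score means more of the described traits are present; it is a prompt for closer review, not proof that a message is or is not a scam.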
What happens if you click or tap the link
Clicking/tapping the link could lead to downloading malware (malicious software) to your phone.
Here's what each type of scam looks like.
For delivery texts
You'll see a screen with:
- stolen DHL / courier branding
- a button or link asking you to download an app to track your delivery's progress
The page sometimes says your phone may flag the app as suspicious and that you should ignore this warning.
For voicemail/missed call texts
You'll see a screen with:
- your phone number
- a note saying how long the fake message is (such as 2 minutes and 34 seconds)
- a link to 'download voicemail app' and instructions to enable the download of the application if this was blocked initially by your phone
If you have an Android device
If you have an Android device, it will download an application called Voicemail71.apk or DHL34.apk. This application is malware.
You would then be asked to install the application.
The application may be able to:
- read your text messages
- send text messages from your phone
- make phone calls from your number
- access your contacts
Installing the software is likely to give scammers access to your passwords and accounts. They may be able to use this information to steal your money or personal information.
It will also ask other infected Australian phones to send Flubot messages to the numbers it steals from your phone, continuing and expanding the scam.
If you have an iPhone
If you have an iPhone, you may see a link to download software. This software isn’t the same as Flubot, but it can still damage your device.
What to do if you’ve downloaded the Flubot
Act immediately. If you have already clicked the link to download the application, your passwords and online accounts are now at risk from hackers.
Don't enter any passwords or log into any accounts until you have followed the below steps. If you need to check your online banking, use a different device to do so.
- contact Summerland and ensure your accounts are secure
- clean your device to remove the malware, with the help of an IT professional
- download official Android anti-virus software through the Google Play Store
- perform a factory reset of the device, as soon as possible
- change your passwords and secure your information, from another device
How to protect yourself
- Do not click on links in text messages saying you have a voicemail or missed call.
- Do not call back the individual who sent the text. It’s unlikely that they are a scammer or criminal. Scammers can disguise their caller ID as legitimate numbers to carry out these scams. This is also known as spoofing.
- Delete the message immediately.
- Learn more about FluBot scams and other relevant phone scams at the ID Care website.
For more information and details on what to do if you have been scammed, please check the Scamwatch Flubot page.