In the last five months, many Australians have been receiving scam text messages about missed calls, voicemails or deliveries and more recently about photos being uploaded.
These messages will contain a link and by clicking/tapping the link in these messages, malware (malicious software) may be downloaded on to your device which may compromise your personal details.
This is known as the ‘Flubot’ scam.
As a general rule, if you receive a text message that contains a link, do not click or tap on the link. Delete the message immediately.
How to identify a Flubot message.
There are a number of variants of the Flubot text messages and some of the main categories have been detailed below. However scammers are frequently updating the message content and format.
These messages will often refer to DHL and always ask you to take some sort of action in relation to the ‘delivery’.
Messages can include:
• Scheduling a delivery time
• Tracking a delivery
• Managing a delivery that is ‘in transit’ or will be ‘delivered soon’.
• Telling you it’s your last chance to arrange pick/delivery of a parcel
• Asking you to enter your details to receive a package
• Getting ‘more information’ about your delivery.
This scam can sometimes be tricky to identify, as a lot of us have been shopping online more regularly over the past few months while being at home and will genuinely be expecting a delivery with tracking.
But there are few distinct features of these text messages that can help you identify the scam.
Often the message will contain some spelling errors, however a more telling feature is that the message will usually contain a link followed by 5-9 random letters. Example:
• The delivery time for your parcel is 03/09. Check out your options: http://example.com/g.php?l2r54ya alfal
• Your order will be delivered by DHL tomorrow between 11:26 and 14:26. Track progress https://example.com/n.php?la4pmtf6u yewv
• You have (1) Pending Package! Ref: DHL-6461W Last chance to PICK it up > https://www.example.com/t.php?kdnypf0ng0
• ARRIVAL today: your Amazon package. More INFO at http://example.com/n.php?la8zvtf0u
Voicemail and missed call notifications
Again this can be tricky to identify as you may also receive genuine messages for voicemails and missed calls. However these scam messages often begin with 5-9 random lowercase letter and/or numbers followed by a message saying you have a missed call or a voicemail has been received. They also often contain spelling errors. Example:
• ab12c3 Nfw voice yessage received
• gh6tr7 Voicemail message receiied
• x78y9z New oozce-message received
Scamwatch has now also reported scam messages that say your photos have been uploaded and provides a link to where the ‘album’ has been uploaded. An example of this message:
• Someone uploaded your | pictures. A whole album is uploaded - | here: https://www.example.com/h/?cftlkv">https://consult.priyalco.com/h/?cftlkv y6j
Along with these common scams, Scamwatch has also reported messages relating to Amazon deliveries, Zoom invites, Google verifications and ‘thank you’ messages from clinics.
What to do if you’ve downloaded the ‘Flubot’
If you have already clicked the link, your passwords and online accounts are now at risk. Take action immediately.
Do not enter any passwords or log into any accounts until you have followed the below steps. If you need to check your online banking, use a different device to do so.
Steps you can take:
• Perform a factory reset of the device as soon as possible. When performing a factory reset it's important that you don't restore from any backups created after you downloaded the app, as they will be infected. Ask an It professional if you unsure of the process as this varies from device to device.
• Once you have factory reset your phone, you should change your passwords for any accounts or applications you use on your device.
• Contact us to ensure your bank accounts are secure.
How to protect yourself - Summary
• Do not click on links in text messages
• Do not download anything advised or suggested in these messages
• Delete the message immediately.
• Do not call back the individual who sent the text. Scammers can disguise their caller ID as legitimate numbers to carry out these scams.
• Spread the word to your friends and family to protect them.
We encourage you to report scams to the ACCC via the report a scam page. This helps Scamwatch to warn people, monitor trends and disrupt scams where possible.
To keep up to date with the evolving Flubot scam as well as other current scams, monitor the Scamwatch website and follow the Scamwatch Twitter page.