The Flubot Scam

We would like to make you aware of an emerging scam whereby you could receive scam text messages about deliveries and voicemail or missed calls.

The text messages ask you to tap on a link to download an app to track or organise a time for a delivery of a parcel you purportedly ordered, or you may hear a voicemail message. However, the message is fake, there is no delivery or voicemail, and the app is actually malicious software called Flubot.

Android phones and iPhones can both receive texts from the Flubot.

If you receive one of these messages, do not click or tap on the link. Delete the message immediately.

N.B. We’ve sought information from The Australian Competition and Consumer Commission (ACCC) Scamwatch website for the production of this article.

1. Delivery Messages

Messages can include:

  • scheduling a delivery time
  • tracking a delivery
  • managing a delivery that is ‘in transit’ or will be ‘delivered soon’
  • telling you it’s your last chance to arrange pick up/delivery of a parcel
  • asking you to enter your details to receive a package
  • getting ‘more information’ about your delivery.

Messages will contain a website link followed by 6-8 random letters and numbers. Here are some examples:

  • The delivery time for your parcel is 03/09. Check out your options: http://example.com/g.php?l2r54yaalfal
  • Your DHL order ID1842225 will arrive soon. Track progress here
  • Your order will be delivered by DHL tomorrow between 11:26 and 14:26. Track progress https://example.com/n.php?la4pmtf6u yewv
  • You have (1) Pending Package! Ref: DHL-6461W Last chance to PICK it up > https://www.example.com/t.php?kdnypf0ng0
  • You must enter your details 2cc receive your package with DHL https://www.crabsunion.com/0axazu.php?gdk642k
  • ARRIVAL today: your Amazon package. More INFO at http://example.com/n.php?la8zvtf0u
  • Arriving today: your (d08) Amazon {s7} package. More info at https://example.com/n.php?ps7gxif4s

2. Voicemail and missed call notifications

Missed call and voicemail messages often begins with 5-6 random lowercase letters or numbers, then say you had a missed call or voicemail message. The text message often includes several misspellings. Here are some examples.

  • ab12c3 Nfw voice yessage received
  • gh6tr7 Voicemail message receiied
  • x78y9z New oozce-message received

After saying you have a missed call, voicemail or message, the messages include a link. The message may also say the voicemail message will be automatically deleted if you do not access it. Ignore and delete the message.

3. What happens if you click or tap the link

DO NOT click or tap the link!

Clicking/tapping the link could lead to downloading malware (malicious software) or installing unauthorised apps on your phone. Once installed, the application is able to read and send text messages, make calls and access and uploads the infected phone’s contact lists to a central server, which then distributes these to other infected Australian phones, so that those phones can send the Flubot messages to the numbers copied from contact lists.

  • If you have an Android device. If you have an Android device, it will download an application called Voicemail71.apk or DHL34.apk. This application is malware. You would then be asked to install the application e.g. a DHL app. DO NOT install it.
  • If you have an iPhone. If you have an iPhone, you may see a link to download software. This software isn’t the same as Flubot, but it can still damage your device.

4. What to do if you’ve downloaded the Flubot

The Australian Competition and Consumer Commission (ACCC) Scamwatch website (see www.scamwatch.gov.au for more information) offers the following advice.

Act immediately. If you have already clicked the link to download the application, your passwords and online accounts are now at risk from hackers.

DO NOT enter any passwords or log into any accounts until you have followed the below steps. If you need to check your online banking, use a different device to do so.

Clean your device

Cleaning your device using the steps below will remove the malicious software from your device.

To clean your device, you can:

  • contact an IT professional
  • download official Android anti-virus software through the Google Play Store
  • perform a factory reset of the device, as soon as possible.

The best way to make sure that your phone is clean is to use the ‘Erase all Content and Settings’ or ‘Factory reset’ features. The exact name of the feature will depend on the device you have. Performing this reset of your device will delete all of your data including photos, messages, and authentication applications.

When performing a factory reset, it’s important that you don’t restore any backups created after you downloaded the app, as they will be infected.

Change your passwords and secure your information

If you have logged in to any accounts or apps using a password since downloading the app, you need to change your passwords.

If you have used the same passwords for any other accounts, you also need to change those passwords.

Contact your bank and ensure your accounts are secure.

How to protect yourself

  • Do not click on links in text messages saying you have a voicemail or missed call.
  • Do not call back the individual who sent the text. It’s unlikely that they are a scammer or criminal. Scammers can disguise their caller ID as legitimate numbers to carry out these scams. This is also known as spoofing.
  • Delete the message immediately.
  • Learn more about FluBot scams and other relevant phone scams at the ID Care website .

Have you been scammed?

  • Make a report to ReportCyber if you have been a victim of this cybercrime.
  • We encourage you to report scams to the ACCC via the report a scam This helps us to warn people about current scams, monitor trends and disrupt scams where possible. Please include details of the scam contact you received, for example by including the email or screenshot.
  • If you have lost personal information to a scammer and are concerned, you can contact IDCARE.
  • Visit Stay Smart Online to learn more about these scams and the best ways to protect yourself online.
  • Spread the word to your friends and family to protect them.

Profitable loans with the best interest rates!