Since August 2021, many Australians have been getting scam text messages (SMS) about missed calls, voicemails or deliveries.
The Australian Competition and Consumer Commission (ACCC) have received over 12,000 reports of these scams, which involve convincing the victim to download an app containing malicious software called 'Flubot'.
What is different about this SMS scam?
The malicious software used in this scam, Flubot, can:
- read your text messages
- send text messages from your phone
- make phone calls from your number
- access your contacts
- send the infected link to your contacts
More importantly, it can capture your credit card and Internet Banking details from your phone, which may lead to significant fraud losses!
There is potential for the Flubot malware to evolve over time and attempt to imitate banking apps as well as Apple Pay, Fitbit Pay, Garmin Pay, Google Pay and Samsung Pay.
How do I protect myself from this scam?
Quite simply, NEVER click links received via SMS! If you don't click the link and don't install the app that follows, you'll be safe.
Credit Union SA will NEVER send you a link in a SMS.
What does a Flubot SMS look like?
So far, the text messages ask you to click on a link to track or organise a time for a delivery, or to hear a voicemail message.
If you click the link you will be prompted to download and install an app.
If you accept and install the app, your device will be infected, and you'll need to take urgent action. See below for further details.
Bear in mind, messages are likely to keep evolving over time, so please consider this and remember: don't click suspicious links!
Here are some examples of what it might look like:
Example: An SMS that says your order will be delivered soon
Example: SMS that claims you have 2 packages and it is your last chance to collect.
Example: This SMS says that a parcel is coming today.
Example: This SMS says it's your last chance to pick up a pending package.
What if I'm expecting a delivery?
With more of us preferring to do our shopping online, we’re more likely to think a 'delivery' SMS could be genuine.
The scammers know this and will always try to take advantage, often by pretending to be from Australia Post, DHL, Amazon or eBay.
Provided we stop, think and take the time to verify, we'll be fine! Scam SMS' are designed to trigger a sense of urgency, are often vague, poorly written and have strange web links.
Genuine courier messages will NEVER ask you:
- for personal information
- for financial information
- for payment
- to download an app.
If you’re unsure, you should be able to verify via another channel, such as email and the online shopping account.
What if I think I've caught the Flubot?
Act immediately! Your passwords and online accounts are now at risk from hackers.
- Contact your financial institutions. Call Credit Union SA on (08) 8202 7777
- Don't enter any passwords or log into any accounts on your infected device until it's clean
- If you need to check your online banking, it's important you use a different, safe device
- Change your passwords on a different, safe device.
To clean your device, you can either:
- contact an IT professional
- download official anti-virus software through your device's app store
- perform a factory reset of the device, as soon as possible