In recent months you may have heard the term Flubot. This new type of scam has been targeting Australians since August 2021 and uses seemingly legitimate text messages to try and reach their targets. So, let’s discuss how to identify a Flubot scam and how to protect yourself.
What is a Flubot scam?
A Flubot scam begins with a text message about a missed call, voicemail, or even a delivery. These messages often ask you to click a link to track a delivery, hear a voicemail message, or even view photos.
Although they may appear realistic, the messages are fake and by clicking on the link you are allowing the scammers to download malicious malware on your phone. The malware can then be used by scammers to access your personal information including banking details and passwords.
Once your phone is infected with the ‘Flubot’ it can also send out messages to contacts within your phone, encouraging others to click the link and become infected with the malware.
How can I spot a Flubot text?
This new type of scam is catching out Australians because Flubot texts are designed to mimic messages you might receive from legitimate companies. Some examples include:
- Your DHL order ID 1768908 will arrive soon. Track progress here at https://exampleurl.com/12hgyt8a
- Voicemail message received. Visit https://exampleurl.com/12bfd8j to listen before it is automatically deleted.
Often, you can identify a Flubot message because the website link will contain a series of random letters and numbers at the end. Spelling errors and messages about a parcel you know you haven’t ordered are other giveaways that can help you identify a Flubot scam.
Update January 2022:
We have received reports that the types of messages received from Flubot scams are evolving, and may now also include message such as:
- Why did you upload this private video of me: https://exampleurl.com/12hgyt8a
- Have you seen this video of us? https://exampleurl.com/12hgyt8a
What do I do if I’ve received a text?
If you receive a text message you believe to be a Flubot scam, delete it immediately. We strongly recommend that you never click on the links in these messages.
If you have accidentally clicked on a link, you may be taken to a page which claims your device is infected with Flubot and prompts you to install ‘additional security’ to remove it. This is a trick and at this point your phone is not yet inflected, however installing the ‘additional security’ will download the malware and provide access to scammers.
If you believe your phone may have been infected, you should take your phone to an IT professional or perform a factory reset of the device as soon as possible. To be safe, it is also best to change your passwords to important accounts and avoid accessing Internet Banking until this is done.
If you think you’ve fallen victim to a scam, please contact us as soon as possible. You can also report it on scamwatch.gov.au so that others can be warned of current scams.