Since August 2021, scammers have been increasingly targeting Australians with a new type of scam known as ‘Flubot’. Flubot scammers are catching Australians out, so it’s important to learn how to identify when you’re being targeted and what to do next.
What is a Flubot scam?
A Flubot scam begins with a text message about a missed call, voicemail, or even a delivery. These messages often ask you to click a link to track a delivery, hear a voicemail message, or even view photos.
Although they may appear realistic, the messages are fake and by clicking on the link you are allowing the scammers to download malicious malware on your phone. The malware can then be used by scammers to access your personal information including banking details and passwords.
Once your phone is infected with the ‘Flubot’ it can also send out messages to contacts within your phone, encouraging others to click the link and become infected with the malware.
What do Flubot messages look like?
The reason this new type of scam is so effective is because Flubot texts are designed to mimic messages you might receive from legitimate companies. Some examples include:
- Your DHL order ID 1768908 will arrive soon. Track progress here at https://exampleurl.com/12hgyt8a
- Voicemail message received. Visit https://exampleurl.com/12bfd8j to listen before it is automatically deleted.
Often, the website link will contain a series of random letters and numbers at the end, this can be an easy way to identify what may be a Flubot message. You can also help identify a Flubot scam if the message contains spelling errors or is about a parcel you haven’t ordered.
What do I do if I’ve received a text?
If you receive a text message you believe to be a Flubot scam, delete it immediately. We strongly recommend that you never click on the links in these messages.
If you have accidentally clicked on a link, you may be taken to a page which will claim your device is infected with Flubot and prompts you to install ‘additional security’ to remove it. This is a trick and at this point your phone is not yet infected, however installing the ‘additional security’ will download the malware and provide access to scammers.
If you believe your phone may have been infected, do not enter any passwords or log into any accounts as you are now at risk from hackers. You should take your phone to an IT professional or perform a factory reset of the device as soon as possible. If you need to check your online banking, use a different device to do so and to be safe, it is also best to change your passwords to important accounts.
Reporting a Scam
If you think you’ve fallen victim to a scam, please contact us as soon as possible. You can also report it on scamwatch.gov.au so that others can be warned of current scams.