Australians are being warned Flubot scammers are still active, with renewed warnings to delete suspicious text messages as soon as they appear.
Since August last year, thousands of Australians have received scam texts about missed calls, voicemails, deliveries and their photos being uploaded.
The Flubot scam is believed to have contributed to record losses of more than $211 million to scammers last year. Phone scams of various kinds made up a significant portion of that, with $63.6 million lost by 110,000 people.
Flubot is malware that sends the messages to both Android and iPhone users, asking people to tap on a link to download or access something.
By clicking on the link, you will effectively download a specific type of malware to your device.
“There are a large number of different types of Flubot text messages and scammers are updating them all the time,” the Australian Competition and Consumer Commission’s Scamwatch says.
“We strongly recommend that you never click on the links in these messages.
“It is best to delete them immediately.”
On Monday, one Reddit user shared a screenshot of five Flubot text messages he received on the same day, garnering thousands of reactions.
“Got a few this weekend. Latest one said a video has been stolen off my phone,” one user said.
“I got one today that basically said, ‘we failed to deliver your order, what are you going to do?’ Then the link. It’s bloody annoying when it happens in the middle of the night,” another added.
A third user said they had received a “huge influx of spam messages” after taking a call from a random number.
“The call hung up immediately and my number was likely sold to an ‘active numbers’ list,” they said.
“So - if you don’t know the number, don’t pick up.”
How to identify a Flubot scam
Flubot scams will arrive as text messages about missed calls, voicemails, deliveries and photos being uploaded.
The message will contain a link inviting the user to install software, infecting the phone with malware.
The contents of the text messages vary but the link will usually contain five to nine random numbers and letters.
“They will often ask you to download an app to track or organise a time for a delivery, hear a voicemail message, or view photos that have been uploaded,” Scamwatch warns.
“However, there is no delivery, voicemail, or photos uploaded and the app is actually malware called Flubot.”
For Android users, the downloaded app - which is malware - is usually called Voicemail71.apk, Update42.apk or DHL34.apk.
Installing the software will likely allow scammers to access your passwords and accounts - information they can then use to steal your money or personal information.
Flubot messages that talk about delivery usually refer to DHL and always ask you to take some form of action in relation to the ‘delivery’.
Some reports refer to Amazon deliveries.
An example of this kind of message includes: “The delivery time for your parcel is 03/09. Check out your options: http://example.com/g.php?l2r54ya alfal”.
From October 2021, some Flubot messages began claiming people’s photos had been uploaded and provided a link to where the ‘album’ has been uploaded.
The typical wording of these messages is: “Someone uploaded your pictures. A whole album is uploaded - here: https://consult.priyalco.com/h/?cftlkv.”
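The indicators described above (a lure theme, a link ending in a short random token, and the listed APK file names) can be checked mechanically, for example in an SMS filter. This Python sketch is an added example, not code from Scamwatch or 7NEWS; the keyword list, the decision to test only a bare query-string token, the digit generalisation of the APK names and the sample messages are assumptions.

```python
import re
from urllib.parse import urlsplit

# Lure themes named in the article: missed calls, voicemails, deliveries, uploaded photos.
LURE = re.compile(r"missed call|voicemail|deliver|parcel|uploaded|album", re.I)
URL = re.compile(r"https?://\S+", re.I)
# "Five to nine random numbers and letters"; both sample links in the article carry
# the token as a bare query string, so only that position is checked (assumption).
TOKEN = re.compile(r"[A-Za-z0-9]{5,9}")
# File names the article lists, generalised to any trailing digits (assumption).
APK = re.compile(r"\b(?:Voicemail|Update|DHL)\d+\.apk\b", re.I)


def flubot_indicators(sms: str) -> set[str]:
    """Return the article's Flubot indicators that appear in one SMS body."""
    hits = set()
    if LURE.search(sms):
        hits.add("lure")
    if APK.search(sms):
        hits.add("apk_name")
    for raw in URL.findall(sms):
        url = raw.rstrip(".,;:!?\"'”’)")  # drop sentence punctuation glued to the link
        if TOKEN.fullmatch(urlsplit(url).query):
            hits.add("token_link")
    return hits


def is_suspect(sms: str) -> bool:
    """Flag a message that pairs a lure with a token link, or names a listed APK."""
    hits = flubot_indicators(sms)
    return {"lure", "token_link"} <= hits or "apk_name" in hits


# Constructed sample messages (example.com is a placeholder domain).
SAMPLES = [
    "The delivery time for your parcel is 03/09. Check out your options: http://example.com/g.php?l2r54ya",
    "Someone uploaded your pictures. A whole album is uploaded here: https://example.com/h/?cftlkv.",
    "Your delivery is on its way. Track it at https://example.com/track?id=12345",
    "Install Voicemail71.apk to hear your new message",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(is_suspect(sms), sorted(flubot_indicators(sms)), "|", sms[:40])
```

The third sample shows why the lure alone is not enough: an ordinary tracking link with a keyed parameter is not flagged.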
What to do if you receive a Flubot message
If you receive any message that you suspect may be a scam, delete it immediately.
Do not call the person who sent the text message.
“It’s unlikely that they are a scammer or criminal. Scammers can disguise their caller ID as legitimate numbers to carry out these scams. This is also known as spoofing,” Scamwatch said.
Do not click on links in text messages that contain a series of random numbers and letters.
“It will be able to do a whole lot of damage on your phone, everything from stealing your bank accounts, your passwords and then it will spread via SMS to new numbers,” cyber security expert Darren Pauli told 7NEWS.
“We’ve seen lots of reports of people getting it. I, myself, have about 30-40 of these messages on my phones.
“It certainly does spread and it’s spreading very effectively ... They’re getting enough victims to be a problem.”
What to do if you click the link
If you’ve already clicked the link to download the app, your passwords are at risk and you should act immediately.
Scamwatch recommends not entering any passwords or logging into any accounts you have until you have cleaned your device.
Change your passwords and secure your information.
Clean your device. The best way to do this is to reset the device to factory settings or remove all contents and settings.
“When performing a factory reset it’s important that you don’t restore from any backups created after you downloaded the app, as they will be infected,” Scamwatch said.
Users are also advised to contact their banks to ensure all accounts are secure.