Hang up on unexpected calls claiming to be from our fraud team and contact us directly instead. More ways to keep your data safe. 

See our holiday opening hours here. Things can change quickly, save yourself the trip and check your local branch info.

We use cookies to provide you with the best possible online experience. Read more

Lifestyle Things your bank will never ask If you are ever asked for this information, you may be the target of a scam.
Money Why it's worth checking your accounts Updating your bank accounts could save you money and allow you to access more fe...
Lifestyle Identity theft Tips to avoid becoming a target for scammers.

Flubot scams

27/09/2021

How to identify and avoid the recent text message scam.

Have you been online shopping during the latest lockdown? You’re not alone and unfortunately scammers have jumped on the trend of unassuming Australians awaiting the delivery of their parcels. Since August 2021, Scamwatch has received thousands of reports of people getting scam text messages about missed calls, voicemails or deliveries.

What is the Flubot scam?

Flubot scams have been circulating for several months now and are text messages that ask you to click on a link to receive a delivery or listen to a voicemail message. These messages are fake and instead install malicious software called Flubot on your device designed to access your personal information.

While the format is frequently changing and increasing in sophistication, the call to action asking recipients to ‘click on a link’ or ‘download an app’ remains the same. The message can contain spelling mistakes or random upper case words, and the website link is usually followed by a series of random numbers and letters.

Examples of Flubot scam text messages. Images from Scamwatch.

How does the Flubot scam work?

Any mobile device can receive these text messages. They usually refer to DHL or Amazon and will appear like a normal message asking you to take some sort of action by clicking on a link. If you click on the link and download the app, malicious software will be installed on your phone that can give scammers access to:

  • Read your text messages
  • Send messages from your phone
  • Make calls from your number
  • Your contacts
  • Your passwords and accounts.

The software will also expand the scam by triggering Flubot messages to other contact numbers it steals from your phone. It may also provide details on how to enable download if the app was flagged as suspicious or blocked by your phone – which is a big red flag!

What should I do if I’ve downloaded Flubot?

If you’ve clicked on the link, you should take immediate action. Don’t enter any passwords or log into any applications until you’ve cleaned your device. If you’re concerned that your details may have already been compromised, call your financial institution immediately to secure your accounts.

1. Do a factory reset

The best way to clean your device is to conduct a factory reset. Depending on your device, this action will appear in your Settings as ‘Erase all Content and Settings’ or Factory reset’ and will delete all of your data – including photos, messages and other applications. Make sure you don’t restore from any backup versions created after you downloaded the app. You can also contact an IT professional or visit an official provider store for help.

2. Change your passwords

You should update your passwords once you’ve cleaned your phone, even if you didn’t log in to any accounts or apps after the malicious software was downloaded. If you used your original password across multiple accounts, you need to change those too.

How can I avoid the Flubot scam?

Always keep an eye out for spelling mistakes, unfamiliar websites or logos, and take a moment to stop and think before clicking on any links! Remember that most organisations will never ask you to provide your personal details. Here are some other ways you can minimise the risk of being scammed:

  • Don’t click on the link
  • Don’t call the number back
  • Report the incident to Scamwatch
  • Delete the text
  • Contact an IT professional if you think your device is impacted
  • Call your financial institution to secure your accounts.

This article is intended to provide general information of an educational nature only. Information in this article is current as at the date of publication. We do not recommend any third party products or services and we are not liable in relation to them. Any links to third party websites are for your information only and we do not endorse their content.

Home loans and mortgages

We'll help you find the right home loan for your needs.

Learn more

Send this article to friends and family

Share
Lifestyle COVID-19 vaccine scams New scams to be aware of as vaccines begin rolling out.
Lifestyle Spotting a remote access scam Warning signs and ways to keep your data safe.