My Credit Union

Phone scams exploding


20th September, 2021

Since August 2021, many Australians have been getting scam text messages about missed calls, voicemails or deliveries.

Scamwatch has received over 12,000 reports of these scams. These scams have also been a problem overseas in 2021.

The text messages ask you to tap on a link to download an app to track or organise a time for a delivery, or hear a voicemail message. However, the message is fake, there is no delivery or voicemail, and the app is actually malicious software called Flubot.

Android phones and iPhones can both receive texts from the Flubot.

If you receive one of these messages, do not click or tap on the link. Delete the message immediately.

Clicking/tapping the link could lead to downloading malware (malicious software) to your phone.

What do these scam messages look like?

Delivery notifications:

Starting in September 2021, many Flubot messages were in regard to a delivery. They usually refer to DHL and always ask you to take some form of action in relation to the ‘delivery’. There are also reports of similar messages referring to Amazon deliveries.

Messages can include scheduling a delivery time; tracking a delivery; managing a delivery that is ‘in transit’ or will be 'delivered soon'; telling you it's your last chance to arrange pick up/delivery of a parcel; asking you to enter your details to receive a package; and/or getting 'more information' about your delivery.

Voicemail and missed call notifications (August 2021):

Missed call and voicemail messages started circulating in Australia in August 2021. They often begin with 5-6 random lowercase letters or numbers, then say you had a missed call or voicemail message.

After saying you have a missed call, voicemail or message, the messages include a link. The message may also say the voicemail message will be automatically deleted if you don’t access it.

What to do if you’ve downloaded the Flubot?

Act immediately! If you have already clicked the link to download the application, your passwords and online accounts are now at risk from hackers.

Don't enter any passwords or log into any accounts until you have followed the below steps. If you need to check your online banking, use a different device to do so.

Clean your device:

Cleaning your device using the steps below will remove the malicious software from your device.

To clean your device, you can:

The best way to make sure that your phone is clean is to use the 'Erase all Content and Settings' or 'Factory reset' features. The exact name of the feature will depend on the device you have. Performing this reset of your device will delete all of your data including photos, messages, and authentication applications.

When performing a factory reset it's important that you don't restore from any backups created after you downloaded the app, as they will be infected.

Change your passwords and secure your information:

If you have logged in to any accounts or apps using a password since downloading the app, you need to change your passwords.

If you have used the same passwords for any other accounts, you also need to change those passwords.

Contact your bank and ensure your accounts are secure.

How to protect yourself

Have you been scammed?

Make a report to ReportCyber if you have been a victim of this cybercrime.