Since August 2021, many Australians have been getting scam text messages/SMSes about missed calls, voicemails or deliveries from unrecognised numbers.
The text messages ask you to tap on a link to download an app to track or organise a time for a delivery or listen to a voicemail message. However, these are fake scam messages, there is NO delivery or voicemail, and the app is malicious software called Flubot.
NEVER click on a link in these messages, as you will often be redirected to a new website page that looks like an official brand, where you will be prompted to install software to listen to a fake voicemail message.
If you agree to install the file, malware will install and if permissions are granted – hackers/scammers can then gain access to your credit card details, personal information, text messages, browser and other information that is held on your phone.
Android phones and iPhones can both receive texts from the Flubot.
What do these scam messages look like?
Missed Voicemail Messages
The text message will read something along the lines of, “a1bcd2 Voicemail: You have 1 new Voicemail(s). Go to …”
Included in the text is a link, which if clicked will enable the scammers to download a malware app onto the phone.
The app will then appear as an icon called “Voicemail” with a blue cassette in a yellow envelope.
Missed, scheduled or upcoming delivery messages
Since September 2021, many Flubot messages mention a delivery. They usually refer to a major delivery brand like DHL or Amazon and will ask you to take some form of action in relation to the ‘delivery’.
Messages can include:
- Scheduling, tracking and managing a delivery that is ‘in transit’ or will be ‘delivered soon’.
- Telling you it’s your last chance to arrange pick up/delivery of a parcel.
- Asking you to enter your details to receive a package.
- Getting ‘more information’ about your delivery.
Examples:
- Your order will be delivered by DHL tomorrow between 11:26 and 14:26. Track progress https://example.com/n.php?la4pmtf6uyewv.
- You must enter your details 2cc receive your package with DHL. https://www.crabsunion.com/0axazu.php?gdk642k
- ARRIVAL today: your Amazon package. More INFO at http://example.com/n.php?la8zvtf0u.
Some key things to look out for
Unrecognised contacts and phone numbers.
Spelling mistakes and website links that contain 6-8 random letters and numbers.
Actions to take e.g., ‘click on this link’, ‘download this software’.
What can I do to protect myself?
If you receive one of these messages from an unrecognised contact or number, DO NOT CLICK OR TAP ON THE LINK. DELETE THE MESSAGE IMMEDIATELY.
If you have already interacted with one of these messages i.e., clicked on the link and downloaded any software, call us ASAP on 1300 131 844.
Treat any text messages from unrecognised numbers/contacts with absolute caution.
Regularly read information on www.scamwatch.gov.au and follow Police Credit Union on Facebook or Twitter, where we regularly post about current scams.
Make sure that your passwords are not saved on your phone, changed regularly and are difficult to guess.
If you see any unusual activity on your accounts, please get in touch immediately. You can check your Online Statements and your accounts regularly using Online Banking. Our Banking App also allows you to check your account securely 24/7.
Useful Resources
To find out more information about current scams, check out the government website, Scam Watch and ACCC’s Little Black Book of Scams.
Read more about the security of your money with Police Credit Union.
Find out more about common scams and how to protect yourself.