Have You Received Messages About Missed Package Deliveries?

People everywhere have been getting scam text messages about missed calls, voicemail or delivery-related messages. The average person with a smartphone account receives one to two of these scams a day.

The text messages ask you to tap on a link to download or access something. There are a large number of variants of the Flubot text messages, but often they ask you to download an app to track or organize a time for a redelivery of your package, hear a voicemail message, or view photos that have been uploaded. However, the message is fake, there is no delivery. The voicemail or photos uploaded and the app is actually malicious software called Flubot.

Android Phones And iPhones Can Both Receive Texts From The Flubot.

If you receive one of these messages, do not click or tap on the link. Delete the message immediately.

What The Scam Messages Look Like

NOTE: Scammers are frequently updating the Flubot text message format. So always be on guard!

Flubot Text Messages Change Regularly

Flubot scammers are regularly updating the text messages they send out to try and infect your device with Flubot. Recently, we’ve received reports of messages relating to Zoom invites, Google verifications, and ‘thank you’ messages from clinics, as well as the major categories set out below.

Flubot text messages include a link that almost always contains a series of 5-9 random letters and numbers at the end of the link

As a general rule, if you receive a text message that contains a link, do not click on the link.

Photo Uploads

Starting in October 2021, some Flubot messages now say that your photos have been uploaded. They provide a link to where the ‘album’ has been uploaded.

The typical wording of these messages is: Someone uploaded your | pictures. A whole album is uploaded – | here:

FLUBOT Example: An SMS that says someone has uploaded your photos

We strongly recommend that you never click on the links in these messages. However, if you do accidentally click on this link, we note that this will take you to a page that claims your device is already infected with Flubot and tells you that you need to install a security update to remove Flubot.

This is a clever trick by scammers; your phone is not infected, but installing the security update will infect your phone as it downloads the Flubot malware.

Delivery Notifications

Starting in September 2021, many Flubot messages now talk about a delivery. They usually refer to DHL and always ask you to take some form of action in relation to the ‘delivery’. We have also started to see reports referring to Amazon deliveries.

Messages can include:

• scheduling a delivery time
• tracking a delivery
• managing a delivery that is ‘in transit’ or will be ‘delivered soon’
• telling you it’s your last chance to arrange pick up/delivery of a parcel
• asking you to enter your details to receive a package
• getting ‘more information’ about your delivery.

Unlike earlier Flubot messages (which are also still circulating), the new text messages may not contain spelling mistakes, so they can be harder to spot. However, they do contain a website link followed by 5-9 random letters and numbers. Here are some examples:

• The delivery time for your parcel is 03/09. Check out your options:
• Your DHL order ID1842225 will arrive soon. Track progress here: <>
• Your order will be delivered by DHL tomorrow between 11:26 and 14:26. Track progress
• You have (1) Pending Package! Ref: DHL-6461W Last chance to PICK it up >
• You must enter your details 2cc receive your package with DHL
• ARRIVAL today: your Amazon package. More INFO at
• Arriving today: your (d08) Amazon {s7} package. More info at

Voicemail And Missed Call Notifications

Missed call and voicemail messages started circulating in 2021. They often begin with 5-9 random lowercase letters or numbers, then say you had a missed call or voicemail message.

The text message often includes several misspellings. Here are some examples.

• ab12c3 Nfw voice yessage received
• gh6tr7 Voicemail message receiied
• x78y9z New oozce-message received

After saying you have a missed call, voicemail, or message, the messages include a link. The message may also say the voicemail message will be automatically deleted if you don’t access it.

What Happens If You Click Or Tap The Link

Clicking/tapping the link could lead to downloading malware (malicious software) to your phone.

Here’s what each type of scam looks like.

For Photo Upload Texts

You’ll probably see a screen with:

• a warning that your device has been infected with Flubot
• a button or link that asks you to ‘install security update’

The page sometimes says that a window may appear preventing the installation and that you should enable the instillation via your devices settings.

For Delivery Texts

You’ll probably see a screen with:

• stolen DHL / courier branding
• a button or link asking you to download an app to track your delivery’s progress

The page sometimes says your phone may flag the app as suspicious and that you should ignore this warning.

For Voicemail/Missed Call Texts

You’ll probably see a screen with:

• your phone number
• a note saying how long the fake message is (such as 2 minutes and 34 seconds)
• a link to ‘Download voicemail app’ and instructions to enable the download of the application if this was blocked initially by your phone.

If You Have An Android Device

If you have an Android device, it will download an application called Voicemail71.apk, Update42.apk’ or DHL34.apk. This application is malware.

You would then be asked to install the application.

The landing page that fraudulently states your device is infected with Flubot can look like this:

The landing page that asks you to download the fake DHL application can look like this:

The Application May Be Able To:

• read your text messages
• send text messages from your phone
• make phone calls from your number
• access your contacts

Installing the software is likely to give scammers access to your passwords and accounts. They may be able to use this information to steal your money or personal information.

It will also ask other infected Australian phones to send Flubot messages to the numbers it steals from your phone, continuing and expanding the scam.

If You Have An iPhone

If you have an iPhone, you may see a link to download software. This software isn’t the same as Flubot, but it can still damage your device.

What To Do If You’ve Downloaded The Flubot

Don’t enter any passwords or log into any accounts until you have followed the below steps. If you need to check your online banking, use a different device to do so.

Clean Your Device

Cleaning your device using the steps below will remove the malicious software from your device.

To clean your device, you can:

• contact an IT professional
• download official Android anti-virus software through the Google Play Store or iPhone iTunes Store
• perform a factory reset of the device, as soon as possible.

The best way to make sure that your phone is clean is to use the ‘Erase all Content and Settings’ or ‘Factory reset’ features. The exact name of the feature will depend on the device you have. Performing this reset of your device will delete all of your data including photos, messages, and authentication applications.

When performing a factory reset it’s important that you don’t restore from any backups created after you downloaded the app, as they will be infected.

Change Your Passwords And Secure Your Information

If you have logged in to any accounts or apps using a password since downloading the app, you need to change your passwords.

If you have used the same passwords for any other accounts, you also need to change those passwords.

Contact your bank and ensure your accounts are secure.

How To Protect Yourself

• Do not click on links in text messages that contain a link with a series of random numbers and letters.
• Do not call back the individual who sent the text. It’s unlikely that they are a scammer or criminal. Scammers can disguise their caller ID as legitimate numbers to carry out these scams. This is also known as spoofing.
• Delete the message immediately.
• Learn more about FluBot scams and other relevant phone scams at the ID Care website .

Have You Been Scammed?

• Make a report to your National Cybercrimes Police, such as the US FTC, UK ActionFraud, Australian ACCC – if you have been a victim of this cybercrime.
• We encourage you to report scams to the SCARS www.Anyscam.com website as well. This can help us to warn people about current scams, monitor trends and disrupt scams where possible. Please include details of the scam contact you received, for example by including the email or screenshot.
• If you have lost personal information to a scammer and are concerned, you can contact IDCARE.
• Spread the word to your friends and family to protect them.

Portions Courtesy of Scamwatch a service of the Australian Government’s Australian Competition and Consumer Commission (ACCC)