Have You Received Messages About Missed Package Deliveries?

People everywhere have been getting scamScam A Scam is a confidence trick - a crime -  is an attempt to defraud a person or group after first gaining their trust through deception. Scams or confidence tricks exploit victims using their credulity, naïveté, compassion, vanity, irresponsibility, or greed and exploiting that. Researchers have defined confidence tricks as "a distinctive species of fraudulent conduct ... intending to further voluntary exchanges that are not mutually beneficial", as they "benefit con operators ('con men' - criminals) at the expense of their victims (the 'marks')". A scam is a crime even if no money was lost. text messages about missed calls, voicemail or delivery-related messages. The average person with a smartphone account receives one to two of these scams a day.

The text messages ask you to tap on a link to download or access something. There are a large number of variants of the Flubot text messages, but often they ask you to download an app to track or organize a time for a redelivery of your package, hear a voicemail message, or view photos that have been uploaded. However, the message is fake, there is no delivery. The voicemail or photos uploaded and the app is actually malicious software called Flubot.

Android Phones And iPhones Can Both Receive Texts From The Flubot.

If you receive one of these messages, do not click or tap on the link. Delete the message immediately.

What The Scam Messages Look Like

NOTE: Scammers are frequently updating the Flubot text message format. So always be on guard!

Flubot Text Messages Change Regularly

Flubot scammers are regularly updating the text messages they send out to try and infect your device with Flubot. Recently, we’ve received reports of messages relating to Zoom invites, Google verifications, and ‘thank you’ messages from clinics, as well as the major categories set out below.

Flubot text messages include a link that almost always contains a series of 5-9 random letters and numbers at the end of the link

As a general rule, if you receive a text message that contains a link, do not click on the link.

Photo Uploads

Starting in October 2021, some Flubot messages now say that your photos have been uploaded. They provide a link to where the ‘album’ has been uploaded.

The typical wording of these messages is: Someone uploaded your | pictures. A whole album is uploaded – | here:

FLUBOT Example: An SMS that says someone has uploaded your photos

We strongly recommend that you never click on the links in these messages. However, if you do accidentally click on this link, we note that this will take you to a page that claims your device is already infected with Flubot and tells you that you need to install a security update to remove Flubot.

This is a clever trick by scammers; your phone is not infected, but installing the security update will infect your phone as it downloads the Flubot malwareMalware Short for "malicious software," this term means computer viruses and other types of programs that cybercriminals use to disrupt or access your computer, typically with the aim of gathering sensitive files and accounts..

Delivery Notifications

Starting in September 2021, many Flubot messages now talk about a delivery. They usually refer to DHL and always ask you to take some form of action in relation to the ‘delivery’. We have also started to see reports referring to Amazon deliveries.

Messages can include:

• scheduling a delivery time
• tracking a delivery
• managing a delivery that is ‘in transit’ or will be ‘delivered soon’
• telling you it’s your last chance to arrange pick up/delivery of a parcel
• asking you to enter your details to receive a package
• getting ‘more information’ about your delivery.

Unlike earlier Flubot messages (which are also still circulating), the new text messages may not contain spelling mistakes, so they can be harder to spot. However, they do contain a website link followed by 5-9 random letters and numbers. Here are some examples:

• The delivery time for your parcel is 03/09. Check out your options:
• Your DHL order ID1842225 will arrive soon. Track progress here: <>
• Your order will be delivered by DHL tomorrow between 11:26 and 14:26. Track progress
• You have (1) Pending Package! Ref: DHL-6461W Last chance to PICK it up >
• You must enter your details 2cc receive your package with DHL
• ARRIVAL today: your Amazon package. More INFO at
• Arriving today: your (d08) Amazon {s7} package. More info at

 

Voicemail And Missed Call Notifications

Missed call and voicemail messages started circulating in 2021. They often begin with 5-9 random lowercase letters or numbers, then say you had a missed call or voicemail message.

The text message often includes several misspellings. Here are some examples.

• ab12c3 Nfw voice yessage received
• gh6tr7 Voicemail message receiied
• x78y9z New oozce-message received

After saying you have a missed call, voicemail, or message, the messages include a link. The message may also say the voicemail message will be automatically deleted if you don’t access it.

 

What Happens If You Click Or Tap The Link

Clicking/tapping the link could lead to downloading malware (malicious software) to your phone.

Here’s what each type of scam looks like.

For Photo Upload Texts

You’ll probably see a screen with:

• a warning that your device has been infected with Flubot
• a button or link that asks you to ‘install security update’

The page sometimes says that a window may appear preventing the installation and that you should enable the instillation via your devices settings.

For Delivery Texts

You’ll probably see a screen with:

• stolen DHL / courier branding
• a button or link asking you to download an app to track your delivery’s progress

The page sometimes says your phone may flag the app as suspicious and that you should ignore this warning.

For Voicemail/Missed Call Texts

You’ll probably see a screen with:

• your phone number
• a note saying how long the fake message is (such as 2 minutes and 34 seconds)
• a link to ‘Download voicemail app’ and instructions to enable the download of the application if this was blocked initially by your phone.

If You Have An Android Device

If you have an Android device, it will download an application called Voicemail71.apk, Update42.apk’ or DHL34.apk. This application is malware.

You would then be asked to install the application.

The landing page that fraudulently states your device is infected with Flubot can look like this:

The landing page that asks you to download the fake DHL application can look like this:

 

The Application May Be Able To:

• read your text messages
• send text messages from your phone
• make phone calls from your number
• access your contacts

Installing the software is likely to give scammers access to your passwords and accounts. They may be able to use this information to steal your money or personal information.

It will also ask other infected Australian phones to send Flubot messages to the numbers it steals from your phone, continuing and expanding the scam.

If You Have An iPhone

If you have an iPhone, you may see a link to download software. This software isn’t the same as Flubot, but it can still damage your device.

What To Do If You’ve Downloaded The Flubot

Don’t enter any passwords or log into any accounts until you have followed the below steps. If you need to check your online banking, use a different device to do so.

Clean Your Device

Cleaning your device using the steps below will remove the malicious software from your device.

To clean your device, you can:

• contact an IT professional
• download official Android anti-virusVirus A computer program that can replicate itself and spread from computer to computer or file to file. It comes to life only when you take a specific action, such as running a particular program. software through the Google Play Store or iPhone iTunes Store
• perform a factory reset of the device, as soon as possible.

The best way to make sure that your phone is clean is to use the ‘Erase all Content and Settings’ or ‘Factory reset’ features. The exact name of the feature will depend on the device you have. Performing this reset of your device will delete all of your data including photos, messages, and authentication applicationsApplications Applications or Apps An application (software), commonly referred to as an ‘app’ is a program on a computer, tablet, mobile phone or device. Apps are designed for specific tasks, including checking the weather, accessing the internet, looking at photos, playing media, mobile banking, etc. Many apps can access the internet if needed and can be downloaded (used) either for a price or for free. Apps are a major point of vulnerability on all devices. Some are designed to be malicious, such as logging keystrokes or activity, and others can even transport malware. Always be careful about any app you are thinking about installing..

When performing a factory reset it’s important that you don’t restore from any backups created after you downloaded the app, as they will be infected.

Change Your Passwords And Secure Your Information

If you have logged in to any accounts or appsApps Applications or Apps An application (software), commonly referred to as an ‘app’ is a program on a computer, tablet, mobile phone or device. Apps are designed for specific tasks, including checking the weather, accessing the internet, looking at photos, playing media, mobile banking, etc. Many apps can access the internet if needed and can be downloaded (used) either for a price or for free. Apps are a major point of vulnerability on all devices. Some are designed to be malicious, such as logging keystrokes or activity, and others can even transport malware. Always be careful about any app you are thinking about installing. using a password since downloading the app, you need to change your passwords.

If you have used the same passwords for any other accounts, you also need to change those passwords.

Contact your bank and ensure your accounts are secure.

How To Protect Yourself

• Do not click on links in text messages that contain a link with a series of random numbers and letters.
• Do not call back the individual who sent the text. It’s unlikely that they are a scammerScammer A Scammer or Fraudster is someone that engages in deception to obtain money or achieve another objective. They are criminals that attempt to deceive a victim into sending more or performing some other activity that benefits the scammer. or criminalCriminal A criminal is any person who through a decision or act engages in a crime. This can be complicated, as many people break laws unknowingly, however, in our context, it is a person who makes a decision to engage in unlawful acts or to place themselves with others who do this. A criminal always has the ability to decide not to break the law, or if they initially engage in crime to stop doing it, but instead continues.. Scammers can disguise their caller ID as legitimate numbers to carry out these scams. This is also known as spoofingSpoofing Spoofing occurs when a caller maliciously transmits false caller ID information to increase the likelihood that you'll answer. Scammers often spoof local numbers, private companies, government agencies and other institutions. It can also apply to pretending to be an email address, or through other media..
• Delete the message immediately.
• Learn more about FluBot scams and other relevant phone scams at the ID Care website .

Have You Been Scammed?

• Make a report to your National CybercrimesCybercrimes Cybercrime is a crime related to technology, computers, and the Internet. Typical cybercrime are performed by a computer against a computer, or by a hacker using software to attack computers or networks. Police, such as the US FTCFTC The Federal Trade Commission (FTC) is an independent agency of the United States government whose principal mission is the enforcement of civil (non-criminal) U.S. antitrust law and the promotion of consumer protection. The FTC can also act as a clearinghouse for criminal reports sent to other agencies for investigation and prosecution. To learn more visit www.FTC.gov or to report fraud visit ReportFraud.FTC.gov, UK ActionFraudActionFraud Action Fraud is the UK’s national reporting centre for fraud and cybercrime where you should report fraud if you have been scammed, defrauded or experienced cyber crime in England, Wales and Northern Ireland. WEBSITE LINK, Australian ACCC – if you have been a victim of this cybercrimeCybercrime Cybercrime is a crime related to technology, computers, and the Internet. Typical cybercrime are performed by a computer against a computer, or by a hacker using software to attack computers or networks..
• We encourage you to report scams to the SCARS www.Anyscam.com website as well. This can help us to warn people about current scams, monitor trends and disrupt scams where possible. Please include details of the scam contact you received, for example by including the email or screenshot.
• If you have lost personal information to a scammer and are concerned, you can contact IDCARE.
• Spread the word to your friends and family to protect them.

Portions Courtesy of Scamwatch a service of the Australian Government’s Australian Competition and Consumer Commission (ACCC)