The Bizarre FluBot SMS Scam - What You Need to Know

Written by Samantha Cordell | August 17, 2021

If you have been bombarded by strange, poorly written text messages saying that you have missed a call recently - you're not alone.

Coming from seemingly normal Australian numbers with correct area codes, the text message scam known as 'FluBot' states that the recipient has missed a call, prompting them to click a link to listen to a voicemail before it is deleted.

The Australia Competition and Consumer Commission (ACCC) has reported that many Australians have been receiving multiple instances of these texts each day, since initially being reported on August 4.

What is the FluBot Scam?

FluBot is a type of malware that can be installed on your mobile device if you click on the malicious link in a SMS message.

Similar to a computer virus, the FluBot malware can access your personal information, and any other information, stored on your phone including passwords.

By accessing your contact list, the FluBot malware then sends similar text messages to other people from your phone without you knowing.

It's important to note that while any mobile phone (iPhone or other) can receive the text messages, the malware only infects Android users who click on the malicious link.

URGENT WARNING: Receiving text messages that look like this from Australian numbers saying you’ve missed a call? Delete these messages immediately and do not click on the link – it’s a #scam and will download malware! We’re working with industry to #stopthescam pic.twitter.com/Gb2JYMoPWL
— Scamwatch_gov_au (@Scamwatch_gov) August 12, 2021

I've blocked the number, why am I still receiving these messages?

A spokesperson from Telstra noted that "Flubot is a sophisticated piece of malware because it spreads by sending SMS messages to random mobile numbers, as well as mobile numbers scraped from a compromised Android device’s contact list.

Each time it does this it creates a new, unique link, making it difficult to block at a network level."

How do I know if my mobile has been infected?

Fortunately, while it is hard to know if your device has been infected and if your personal information has been accessed, there are a few telltale warning signs:

You may see a new app on your mobile called “Voicemail” with a blue cassette in a yellow envelope logo. If you try to uninstall the app, you receive an error message “You can not perform this action on a system service.”
You may receive text messages or telephone calls from people complaining about messages you unknowingly sent them.

Our recommendations:

First and foremost, we recommend never clicking on suspicious links from unknown numbers. If you receive a suspected FluBot SMS, simply delete it.
Spread the word - ensure your family and friends are aware that they may receive a suspicious text and know to delete it.
If you believe your mobile is infected, we recommend immediately changing your passwords on a separate and uninfected device.
Remove the FluBot malware and its associated 'Voicemail' app - a short 'how to' video can be found here.
Contact your bank to notify them of the infection and ensure your accounts are monitored for suspicious activity.
Report the FluBot Scam to Scamwatch here. This helps the ACCC share intelligence about scam activity in Australia.

How can Diamond IT help?

If you want to educate your employees on how to identify potential cyber threats and maintain secure password hygiene, our staff education programs and policy and procedure reviews can help. Our Business Technology Consultants are specialists in improving your internal cybersecurity.

We offer:

If you need advice on how you can ensure your cybersecurity strategy is fit for purpose, our team of Cybersecurity experts are ready to help. Contact our team on 1300 307 907 today.

View full post