Think before you click - Flubot update October 2021

Scamwatch has issued yet another warning that Flubot, a malware that can be installed onto an unsuspecting victim’s device if they click a link, has adopted more sophisticated tactics to trick both Android and iPhone users.

According to Scamwatch, since August 2021, thousands of Australians have received text messages appearing to be sent by well-known, trustworthy companies advising them of non-existent missed calls, voicemails or missed deliveries. The text messages contain links and strongly encourage users to click them to access, view, install or download something.

At Bank of us, we’re encouraging our customers to avoid clicking any links received via text message. Once you click the link your device is compromised. The malware can access your personal information, bank account details, and even harvest your contact list so they can attempt to infect your nearest and dearest, often without your knowledge.

An important thing to know about Flubot is that the content of the messages changes regularly. These scams include texts about photo album uploads, package deliveries, voicemails and missed calls, Zoom meeting invites, thank you messages and even notifications telling users they are already infected with Flubot and prompting them to install a security update to remove Flubot. The sneaky trick here is that the device isn’t infected with Flubot until the “security update” is installed.

They may also include an opt-out message, playing on our tendency to want to unsubscribe from spam or unsolicited messages.

A user may not realise their device is infected with Flubot and will therefore be unaware their personal data is being accessed or their device is sending SMS to their contacts to infect others.

Signs a device is infected include: new apps downloaded on the device that give an error message when an install is attempted, or communications from a user’s phone service provider or contacts notifying them they are sending high volumes of suspicious text messages.

If you receive a text message with a link in it, do not click the link. In most cases, you can just delete the message and go about your day.

If you do believe the text message is from a contact or company you know and trust, then still do not click the link. Contact them on a number you have used before, or search their contact information in a phone book or on Google. Do not use any contact information associated with the text message you received.

Stay safe!