WARNING: The $9,000 ‘FluBot’ scam text has mutated

·3-min read
Image of someone on mobile phone with screenshot of Flubot scam
(Source: Getty, Scamwatch)

Aussies, be warned: FluBot scam texts, which have the potential to infect your phone, have mutated and changed tactics in order to fool more Australians.

Yahoo Finance first reported about the FluBot scam last month, in which Australians received garbled text messages advising them of a missed call or a new voicemail awaiting them.

Back then, a FluBot text message may have looked like: “a1bcd2 Voicemail: You have 1 new Voicemail(s). Go to [link]”, or “z0re4 You have a missed lall. Caller left ylu z mesxage: [link]".

But as warnings about the scam circulate, it appears the content of the text message has changed to something a little more ordinary and believable: fake notifications about parcel deliveries.

“​​We can confirm Flubot messages have moved from variants around missed calls and voicemails to ‘schedule your package delivery’ texts, changing on the August 29, 2021,” an ACCC spokesperson told news.com.au.

Also read:

As of Tuesday, Scamwatch has received more than 8,400 reports of the FluBot texts.

Australians have so far lost more than $9,000 to the scam – and that’s just of the Aussies who report it to the agency.

‘FluBot’ scam: How does it work?

The scam works by stealing the victim’s online banking details. Users are tricked into downloading a malware app which is masked as a legitimate app.

Real banks like CommBank, NAB, Bank Australia and more have been spoofed in this way, according to Netcraft.

But once the malware app is downloaded, the device becomes entirely under the control of the anonymous cyber criminal, which steals contact lists, passwords, and credit card details.

Text recipients may be told that they have a parcel on board for delivery, or that their package is about to be delivered.

It may even mention well-known shipping companies such as DHL in order to appear more legitimate.

“We are receiving reports of texts like these saying a parcel is being delivered/in transit & containing php links,” Scamwatch warned in a Tweet.

What you should do if you get this text

“Delete these messages & don’t click on links!” Scamwatch said.

If you need to check on a delivery, dip into your inbox and check the legitimate confirmation email that would have been sent out from the business.

WATCH BELOW: 4 Tips for Spotting and Avoiding Common Scams

Yahoo Finance has reached out to the ACCC for further comment.

Scams are abounding at the moment as malicious cyber criminals prey on Australians in lockdown awaiting their online shopping purchases to be delivered or receiving government payments.

Yahoo Finance has also warned about tax-related scams, particularly during tax season, as well as investment scams, crypto scams or scams that spoof well-known and trusted brands like NAB, CBA and more.

Follow Yahoo Finance on Facebook, LinkedIn, Instagram and Twitter, and subscribe to the free Fully Briefed daily newsletter.