Flubot scam targets Australians via fake photo album text message

The ‘Flubot’ scam first hit Australian shores on August 2, characterized by a mass text message sent from an Australian phone number tricking users into clicking a link that would then infect their Android device with malware.

Since the first report, thousands of Australians have received the malicious texts sent to their phones. In the first eight weeks, 13,000 Australians filed a formal complaint with the Scamwatch division of the Australian Competition and Consumer Commission (ACCC).

At first, phone users were tricked into clicking the scam link promising them a missed voicemail message. Then it progressed by clicking on the URL provided to track a delivery package.

Scamwatch warned on Friday that the crooks’ strategy had changed again.

Now Australians are fooled into thinking their photos have been shared online.

When they click on the link, they are taken to a page stating that their phone has been infected. The link claiming to remove the virus is the real malware.

The scam text reads: “Someone downloaded your | pictures.

“An entire album is downloaded – | here:… t0hk ”.

Once you click on the link, you are taken to a fake warning that says you have been infected and need to “install security update”.

“The Flutbot scam has changed again,” Scamwatch warned Friday afternoon.

“The text messages now say your photos have been uploaded and the text link leads to a page that says your device is already infected.

“Think about 3D: DON’T click on links, DO NOT download, and DO NOT DELETE! “

Delia Rickard, vice president of ACCC, previously told news.com.au: “This is a very sophisticated and potentially very dangerous scam. It can compromise people’s bank accounts.

“Whatever you do, don’t click the link. “

She also added in another interview with news.com.au that random letters and numbers appeared in the post – which in this case includes “t0hk” as well as weird punctuation marks such as “| and “-” – are there to help the message avoid triggering scam detection.

At the end of September, phone scams accounted for over $ 63.6 million in lost money, according to Scamwatch.

Of the 213,000 reports Scamwatch has received so far this year, 113,000 have concerned phone scams like Flubot.

The most recent statistics show that at the beginning of October 15,563 complaints about Flubot have been registered so far.

Only 13 people said they lost money, to the tune of $ 10,542, after the malware compromised their bank accounts.

There have been 20 reports of the photo album text scam, which was first reported on October 1.

“It is of great concern to see these scams evolve and become more sophisticated to steal even more money from unsuspecting people,” Ms. Rickard added in a statement.

The Flubot scam was first reported overseas and what happened in Europe quickly followed the same pattern in Australia a few weeks later.

In Europe, the scam originally started as voicemail messages and then evolved into a more sophisticated parcel dummy text.

Now New Zealand has also urged its residents to look for fake texts on uploaded photos.

The malware only infects Android phones. If you click on the link, you will download malware to your phone.

Not only can the spyware now watch you type in all your passwords, it also takes over all your phone contacts – which is why text messages are coming from Australian cell phone numbers.

This means that all the text messages you receive are not coming from a scammer, but from an unconscious victim.

Ms Rickard said there are three ways to remove malware from your phone.

You need to go to an IT professional to erase the virus, download antivirus software to get rid of it, or you can do a factory reset.

“As long as your phone is infected, do not access any of your accounts,” she added.

If you have lost personal information due to a scammer, you can contact IDCARE or call 1800 595 160. You can also report to CyberReport if you have been a victim of this cybercrime.