Flubot scam targets Australians through photo album fake text message


There are fears that Australians could fall for a new ploy by notorious scammers, with millions of dollars already lost.

The notorious Flubot scammers have rolled out a sneaky new tactic designed to catch Aussies unawares, after their two other ploys were widely reported on.

The ‘Flubot’ scam first arrived on Australia’s shores on August 2, characterised by a text sent en masse from an Australian phone number that enticed users to click on a link that would then infect their Android device with malware.

Since the first report, thousands of Australians have had the malware texts sent to their phone. In the first eight weeks, 13,000 Australians made a formal complaint to the Scamwatch division of the Australian Competition and Consumer Commission (ACCC).

At first, phone users were tricked into clicking the scam link by promises of a missed voicemail text. Then this progressed to clicking on the URL provided to track a delivery parcel.

On Friday, Scamwatch warned that the scammers’ strategy had changed again.

Now Australians are being duped into thinking their photos have been shared online.

When they click the link, they are taken to a page saying their phone has been infected. The link claiming to remove the virus is indeed the real malware.

The scam text says: “Someone uploaded your | pictures.

“A whole album is uploaded – | here: … t0hk”.

Once you click on the link, it takes you to a fake warning saying you have been infected and you must “install security update”.

“The Flutbot scam has changed again,” Scamwatch warned on Friday afternoon.

“Text messages now say your photos have been uploaded & the link from the text leads to a page saying your device is already infected.

“Think 3D’s: DON’T click links, DON’T download & DELETE!”

Delia Rickard, deputy chair of the ACCC, previously told news.com.au: “It’s a very sophisticated scam and potentially very dangerous. It can compromise people’s bank accounts.

“Whatever you do, don’t click on the link.”

She also added in another interview with news.com.au that random letters and numbers appearing in the message — which in this case includes “t0hk” as well as odd punctuation such as “|” and “–” — are there to help the message avoid triggering scam detection.

As of late September, phone-based scams have accounted for over $63.6 million in lost money, according to Scamwatch.

Of the 213,000 reports that Scamwatch received so far this year, 113,000 were about phone scams like Flubot.

The most recent statistics say that as of early October, there have been 15,563 complaints about Flubot alone to date.

Only 13 people have reported losing money, to the tune of $10,542, after the malware compromised their bank accounts.

There have been 20 reports of the photo album text scam, which was first reported on October 1.

“It’s very concerning to see these scams evolving and becoming more sophisticated to steal even more money from unsuspecting people,” Ms Rickard added in a statement.

The Flubot scam was first reported overseas and what happened in Europe soon followed the same pattern in Australia, a few weeks behind.

In Europe, the scam originally started out as voicemail messages then evolved to be a more sophisticated fake parcel text.

Now New Zealand has also urged its residents to look out for the fake texts about photos being uploaded.

The malware only infects Android phones. If you click on the link, you will be downloading malware onto your phone.

Not only can the spyware now watch you type in all your passwords, it also gets hold of all the contacts in your phone – which is why the texts are coming from Australian mobile numbers.

That means all the texts you’re getting aren’t from a scammer – they’re from an unknowing victim.

Ms Rickard said there were three ways to get the malware off your phone.

You need to go to an IT professional to wipe the virus, download an antivirus software that gets rid of it, or you can do a factory reset.

“As long as your phone is infected, don’t go into any of your accounts,” she added.

If you have lost personal information to a scammer you can contact IDCARE or call 1800 595 160. You can also make a report to ReportCyber if you have been a victim of this cybercrime.

Source link

Leave A Reply

Your email address will not be published.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More

en English