Scam Alert - Missed delivery, call or voicemail (Flubot) scams

24 September 2021

Since August 2021, many Australians have been getting scam text messages about missed calls, voicemails or deliveries. In the first month after this scam was first reported, Scamwatch received over 9500 reports of these scams. These scams have also already been a problem overseas in 2021.

The text messages ask you to tap on a link to download an app to track or organise a time for a delivery, or hear a voicemail message. However, the message is fake, there is no delivery or voicemail, and the app is actually malicious software called Flubot.

Android phones and iPhones can both receive texts from the Flubot.

If you receive one of these messages, do not click or tap on the link. Delete the message immediately.

What the scam messages look like

Scammers are frequently updating the Flubot text message format. We’ll update this page regularly, but we recommend that you check the @Scamwatch_gov Twitter account for the most up to date warnings about these messages.

Delivery notifications

Starting in September 2021, many Flubot messages now talk about a delivery. They often refer to DHL and always ask you to take some form of action in relation to the ‘delivery’. This can include:

  • scheduling a delivery time
  • tracking a delivery
  • managing a delivery that is ‘in transit’ or will be ‘delivered soon’
  • telling you it’s your last chance to arrange pick up/delivery of a parcel.

Unlike earlier Flubot messages (which are also still circulating), the new text messages usually don’t contain spelling mistakes, so they can be harder to spot. However, they do contain a website link followed by 6-8 random letters and numbers. Here are some examples:

Text message that reads "Visit (website) to manage your delivery. Your order E201(redacted) will be DELIVERED SOON." Some identifying details from the message are covered with a bar.

Example: An SMS that says your order will be delivered soon

DHL-6461W Last chance to PICK it up." Some identifying details from the message are covered with a bar.

Example: This SMS says it's your last chance to pick up a pending package.

your parcel is out for delivery today! Track your PARCEL here", followed by a URL. Some identifying details from the message are covered with a bar.

Example: This SMS says that a parcel is coming today.

 you have (2) PENDING packages. Last chance to pick up the package", followed by a URL. Some identifying details from the message are covered with a bar.

Example: SMS that claims you have 2 packages and it is your last chance to collect.

A message that says "Your DHL package is on ITS way! Click", followed by a URL. Some identifying details from the message are covered with a bar.

Example: This SMS asks you to click to track a package.

Voicemail and missed call notifications (August 2021)

Missed call and voicemail messages started circulating in Australia in August 2021. They often begin with 5-6 random lowercase letters or numbers, then say you had a missed call or voicemail message.

The text message often includes several misspellings. Here are some examples.

  • ab12c3 Nfw voice yessage received
  • gh6tr7 Voicemail message receiied
  • x78y9z New oozce-message received

After saying you have a missed call, voicemail or message, the messages include a link. The message may also say the voicemail message will be automatically deleted if you don’t access it.

Several Flubot scam messages, all listed in the spam and blocked folder in an Android phone's messages app

Example: Android's spam/blocked folder with several scam messages

A text message that reads 'Voicemail message received. Visit pomu-haha.com before it is automatically deleted.' Some details such as the full address are blocked out.

Example: A scam message saying that a voicemail message was received.

 xlevel.com.ec.' Some details such as the full address are blocked out.

Example: A fake voice message notification on an iPhone

 kapsol.ir' Some details such as the full address are blocked out.

Example: A text message saying that the recipient missed a call.

 "sxpyr You hage a missei casl. Caller left yoj a messag." Some details are blocked out.

Example: An iPhone notification showing a scam message about a missed call.
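
The two message formats described above (a random 5-6 character prefix with a voicemail or missed-call lure and a link, or a delivery lure with a link ending in 6-8 random letters and numbers) can be checked mechanically, for example in a message filter. The Python code below is an added example, not part of the original Scamwatch alert. The indicator names, the 0.7 similarity cutoff, the example.test links and the rule that a random suffix follows "/", "?" or "=" and mixes letters and digits are all assumptions made for illustration.

```python
import re
from difflib import get_close_matches

# Lure vocabulary taken from the example messages quoted on this page.
VOICE_WORDS = ["new", "voice", "voicemail", "message", "received", "missed", "call"]
DELIVERY_WORDS = {"dhl", "delivery", "delivered", "parcel", "package", "packages"}
LINK = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(/\S*)?", re.I)
# Voicemail texts: a leading token of 5-6 lowercase letters or digits.
PREFIX = re.compile(r"^[a-z0-9]{5,6}\s")
# Delivery texts: link ends in 6-8 letters and numbers (assumed to follow / ? or =).
TAIL = re.compile(r"[/?=]([A-Za-z0-9]{6,8})$")

def indicators(sms: str) -> set:
    """Return the set of Flubot-style indicators present in one SMS body."""
    found = set()
    link = LINK.search(sms)
    if link:
        found.add("link")
        tail = TAIL.search((link.group(1) or "").rstrip(".,!"))
        # Assumption: a "random" suffix mixes letters and digits.
        if tail and re.search(r"\d", tail.group(1)) and re.search(r"[A-Za-z]", tail.group(1)):
            found.add("random-link-suffix")
    if PREFIX.match(sms):
        found.add("random-prefix")
    words = re.findall(r"[a-z]+", LINK.sub(" ", sms).lower())
    exact = [w for w in words if w in VOICE_WORDS]
    # Near misses such as "yessage" or "receiied" still count as lure words.
    near = [w for w in words if w not in VOICE_WORDS
            and get_close_matches(w, VOICE_WORDS, n=1, cutoff=0.7)]
    if len(exact) + len(near) >= 2:
        found.add("voicemail-lure")
    if near:
        found.add("misspelled-lure")
    if DELIVERY_WORDS & set(words):
        found.add("delivery-lure")
    return found

def looks_like_flubot(sms: str) -> bool:
    hits = indicators(sms)
    voicemail = {"random-prefix", "voicemail-lure", "link"} <= hits
    delivery = {"delivery-lure", "random-link-suffix"} <= hits
    return voicemail or delivery

# Constructed samples: wording follows the page's examples, links are placeholders.
SAMPLES = [
    "gh6tr7 Voicemail message receiied. Visit example.test/v before it is deleted.",
    "Your DHL package is on ITS way! Click https://example.test/t/?k3j9x2qa",
    "Hi Sam, your parcel was delivered to the front door. Thanks for your order.",
]
```

Because scammers frequently change the message format, a filter like this needs its word lists and patterns updated as new variants are reported, and a match is a reason to delete the message rather than proof of its origin.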

What happens if you click or tap the link

Clicking/tapping the link could lead to downloading malware (malicious software) to your phone.

Here’s what each type of scam looks like.

For delivery texts

You’ll see a screen with:

  • stolen DHL / courier branding
  • a button or link asking you to download an app to track your delivery's progress

The page sometimes says your phone may flag the app as suspicious and that you should ignore this warning.

For voicemail/missed call texts

You’ll see a screen with:

  • your phone number
  • a note saying how long the fake message is (such as 2 minutes and 34 seconds)
  • a link to ‘Download voicemail app’ and instructions to enable the download of the application if this was blocked initially by your phone.

If you have an Android device

If you have an Android device, it will download an application called Voicemail71.apk or DHL34.apk. This application is malware.

You would then be asked to install the application.

The landing page that asks you to download the fake DHL application can look like this:

The fake landing page contains a stolen DHL logo, an image of a woman holding a parcel, a button to download the malware, and instructions to bypass your phone's malware protection.

The application may be able to:

  • read your text messages
  • send text messages from your phone
  • make phone calls from your number
  • access your contacts

Installing the software is likely to give scammers access to your passwords and accounts. They may be able to use this information to steal your money or personal information.

It will also ask other infected Australian phones to send Flubot messages to the numbers it steals from your phone, continuing and expanding the scam.

If you have an iPhone

If you have an iPhone, you may see a link to download software. This software isn’t the same as Flubot, but it can still damage your device.

What to do if you’ve downloaded the Flubot

Act immediately. If you have already clicked the link to download the application, your passwords and online accounts are now at risk from hackers.

Don’t enter any passwords or log into any accounts until you have followed the steps below.

Clean your device

Cleaning your device using the steps below will remove the malicious software from your device.

To clean your device, you can:

  • contact an IT professional
  • download official Android anti-virus software through the Google Play Store
  • perform a factory reset of the device.

Performing a factory reset of your device will delete all of your data including photos, messages, and authentication applications.

Change your passwords and secure your information

If you have logged in to any accounts or apps using a password since downloading the app, you need to change your passwords.

If you have used the same passwords for any other accounts, you also need to change those passwords.

Contact your bank and ensure your accounts are secure.

How to protect yourself

  • Do not click on links in text messages saying you have a voicemail or missed call.
  • Do not call back the individual who sent the text. It’s unlikely that they are a scammer or criminal. Scammers can disguise their caller ID as a legitimate number to carry out these scams. This is known as spoofing.
  • Delete the message immediately.
  • Learn more about FluBot scams and other relevant phone scams at the IDCARE website.

Have you been scammed?

  • Make a report to ReportCyber if you have been a victim of this cybercrime.
  • We encourage you to report scams to the ACCC via the report a scam page. This helps us to warn people about current scams, monitor trends and disrupt scams where possible. Please include details of the scam contact you received, for example by including the email or screenshot.
  • If you have lost personal information to a scammer and are concerned, you can contact IDCARE.
  • Spread the word to your friends and family to protect them.

The information contained in this article is only correct at the point of time of publication. It is general information and has been prepared without taking into account your personal circumstances, objectives or needs. Please consider if this information is right for you before making a decision to acquire any product.