Flubot Scam

Since August 2021, many Australians have been getting scam text messages about missed calls, voicemails or deliveries. In the first month after the scam was reported, Scamwatch received over 9500 reports of these scams.

The ACCC has contacted financial institutions with urgent information for members about the dangerous evolution of the Flubot scam, its anticipated impact, and its viral distribution to customers via SMS. The next phase of the ‘Flubot’ malware scam is likely to include attempts to imitate mobile banking apps and access consumers’ financial information.

Following Flubot’s emergence in Europe earlier this year, scammers have developed an HTML page overlay for banking apps in those countries. This means that if consumers download the malware, all available overlays are also downloaded from the central Flubot server. These overlays are designed to be identical to the login screens of the consumers’ banking apps. When consumers open their banking app, they see a page identical to the login screen they are used to and enter their account and personal details, which are then sent back to the Flubot control server and can be used to access the consumers’ bank details from then on.

We are concerned that Australia-specific banking login pages are being prepared for all banks and will soon be uploaded to the central server and widely disseminated to infected devices. This will result in infected users having their banking credentials compromised and will likely cause significant financial losses. 

How this scam works and what to look out for

Scammers are frequently updating the Flubot text message format. We’ll update this page, but we recommend that you check the @Scamwatch_gov Twitter account for the most up-to-date warnings about these messages.

Here are some examples of what these texts currently look like. 

Clicking the link in these types of messages could lead to downloading malware to your phone. 

The application may be able to:

  • read your text messages
  • send text messages from your phone
  • make phone calls from your number
  • access your contacts

Installing the software is likely to give scammers access to your passwords and accounts. They may be able to use this information to steal your money or personal information.

It will also ask other infected Australian phones to send Flubot messages to the numbers it steals from your phone, continuing and expanding the scam.

Future iterations of this scam may use messages like:

  • "Your LCU account has been accessed, please click this link to login and secure your account"
  • "A transaction for X amount has been charged to your LCU account, please click this link to login and confirm or block the transaction"

Note: these are just some predictions we are making based on trying to anticipate scammers' methods. You may see other texts that don't resemble the two examples above.

How to protect yourself

  • Do not click on links in text messages saying you have a voicemail or missed call. LCU will never text you a link asking you to enter your personal information into the destination website. 
  • Do not call back the number that sent the text. The sender number is usually spoofed so it’s unlikely that the actual owner of the number is the scammer or criminal who sent the message. Scammers can disguise their caller ID as legitimate numbers to carry out these scams.
  • Delete the message immediately.
  • Learn more about FluBot scams and other relevant phone scams at the ID Care website.
