Computer experts have warned the infuriating Flubot text messages scam could steal your bank account log in and force you to wipe your entire phone to get rid of it.
Thousands of Australians have been inundated with the annoying, badly spelt text messages claiming you have a missed call or voicemail message.
The messages, usually full of typing errors, tell users to click on an included link to retrieve the voicemail.
But the link actually takes callers to an illicit app which installs malicious malware that can capture all your passwords and logins – as well as contact details of all your friends.
Computer experts have warned the infuriating Flubot text messages scam could steal your bank account – and force you to wipe your entire phone to get rid of it.
Now Delia Rickard, deputy chair of the Australian Competition and Consumer Commission, has warned Australians: ‘Whatever you do, don’t tap on the link!’
The spyware software so far only affects phones running Google’s Android operating system, such as Samsung phones, owned by an estimated 10.3 million Australians.
The 8.3 million iPhone users in Australia have so far escaped the scam because of Apple’s tighter security lockdowns on their phones.
But for Android users, one click on those test messages could be a very expensive mistake.
Thousands of Australians have been inundated with the annoying, badly spelt text messages (pictured) claiming you have a missed call, voicemail or notice from a service provider
Dr David Lacey (pictured) from ID Care says his organisation has been receiving one complaint every hour from all across Australia by worried users hit by the scam
‘It’s particularly focused on harvesting your identity credentials and capturing your username and login for online banking,’ Dr David Lacey of ID Care, a not-for-profit cyber support service, told Nine’s A Current Affair.
‘Get onto your bank straight away and change your passwords and look at other online accounts.’
He said his organisation has been receiving one complaint every hour from all across Australia by worried users hit by the scam.
The malware uses rootkit level coding to install surveillance software which can log every keystroke, such as passwords and logins, and send them back to fraudsters.
It will also go through all your contacts and pass their details back too so they can be targeted next by the Flubot scam.
Dr Lacey added: ‘If you have clicked on the link the only remedy is basically doing a factory reset on your device.’
A factory reset – or wipe – of a phone erases everything on it including all your contacts and photographs, and you can’t then reinstall a back up because that will have been infected too.
Melbourne tradie Les Kontos relies on his mobile phone for his business, including contact details of his former customers, but he’s been bombarded by the scam texts over the past three weeks.
‘One night at 10pm, then the next morning 7am, then one after lunch, it is constant,’ he told the show.
‘You’re messing around with people’s emotions, livelihood, the money that they’ve worked hard for… if I lose all that, then you start from scratch.’
Tradie Les Kontos, from Melbourne, (pictured) relies on his mobile phone for his business so can’t change the number – but has been inundated with the scam texts
The ACCC says people have already contacted them after losing thousands in the scam but that could just be the tip of the iceberg.
Scamwatch is now receiving up to 500 Flubot reports a day, after it first appeared on August 4.
‘This is all done by organised crime. It is big business around the world,’ added Ms Rickard.
‘I cannot think of any time I’ve ever seen that many complaints on one scam in such a short period of time.
‘It’s a very sophisticated scam and potentially very dangerous. It can compromise people’s bank accounts.
‘Ignore them, hit delete and whatever you do, don’t tap on the link.’
FluBot text messages have already been detected across Europe including in in the UK, Spain, Germany, and Poland.
The UK’s National Cyber Security Centre has told users to factory reset their devices if they accidentally download the malicious apps as the software cannot survive the phone’s data being cleared.
In Australia, one user shared a message about the scams she received from Telstra, who told her the texts were being sent at random to Australian phone numbers.
‘As they’re coming from legit devices across the globe they’re more difficult to block than some other scams,’ the message from a Telstra representative read.
‘They’re hard to block as they’re coming from legitimate handsets and devices all over the world.
‘Most popular anti-virus apps for Android will clean it up.’
Daily Mail Australia has contacted Telstra for further comment.