FluBot 'package delivery' SMS scam

News /

Spyware Alert: Guidance on the FluBot 'package delivery' text messages scam

Many people have reported receiving a text message asking them to install a delivery tracking app because they have missed a delivery.

The app is spyware known as FluBot, and it's affecting Android phones and devices throughout the UK.

How does it work?

Initially, the victim will receive a text message saying they have missed a delivery and to click on a link.

The link directs the victim to a scam website where they are encouraged to download an app.

  • Android - Users of Android devices made by Google, Huawei and Samsung will be encouraged to download a tracking app.
  • Apple - Users of Apple devices do not get asked to download an app, but they may be re-directed to a scam website that can steal personal or sensitive information.
  • FluBot steals passwords and other sensitive data, including contact details; it can also send out text messages - helping to spread the spyware even more.

If you receive a text message that looks like a scam:

  • Under no circumstances should you click on a link.
  • Do not install any apps.
  • Forward the text message to 7726.
  • Delete the text message.

At the moment, the text messages appear to have been sent by DHL. If you are expecting a delivery from DHL, ensure you visit the official DHL website - track.dhlparcel.co.uk rather than clicking on any links in the text message.

If you have already downloaded the app:

You should take the following steps to clean your device as soon as possible, as your passwords and sensitive data are now at risk.

Do not log into any accounts, or enter your password, until you have followed the below steps to clean your device:

  • Perform a factory reset on your device as soon as possible.
  • When you set up the device after a reset, you may be asked if you want to restore it from a backup. Avoid restoring from any backups created after you downloaded the app, as they will also be infected.

How to protect your accounts:

  • If you have logged in to any accounts or apps using a password since downloading the app, you will need to change the password for those accounts.
  • If you have used these same passwords for any other accounts, you will also need to change those passwords.

How to protect yourself from scams like this:

  • Back up your device to ensure that important data and information is not lost.
  • Only install new apps onto your device from the app store that your manufacturer recommends.
  • For Android devices, ensure that Google's Play Protect service is enabled if your device supports it.

Please note: At the moment, the scam text messages claim to be from DHL, but the criminals can easily change this to another company or service - so beware.

Mark Burcher