A new scam known as “Flubot” is sending thousands of text messages to Australians as they wait anxiously for updates on COVID tests and vaccination appointments.

Key points:

  • A cybersecurity expert says scammers would be “bonkers” not to try and exploit the pandemic
  • The Flubot scam tried to get the recipient to download malware that allows personal details to be stolen
  • Telstra’s Darren Pauli says recipients should attempt to block numbers and contact their service provider

“Voicemail received,” the text reads. “Visit [link] before it is automatically deleted.”

Telstra cybersecurity expert Darren Pauli says the aim is to get recipients to download a malicious app.

“You don’t instantly get hacked,” he said.

An Australian Competition and Consumer Competition (ACCC) spokesperson said the scam, first reported on August 4, had been reported hundreds of times.

The texts can be sent multiple times per day, from different mobile numbers.

Mr Pauli said unlike many scam phone calls or emails, the Flubot was difficult to block.

Plenty of ABC North West Queensland’s Facebook followers have received the text.(

ABC North West Queensland

)

What to do if you get scam texts

Although people can add their numbers to the Do Not Call register, that will not prevent Flubot texts.

“Cybercriminals do not respect any rules,” Mr Pauli said.

“If you think about numbers, they’re basically just a sequence — if my number ends in a five, for example, if you turn that into a six you’ll get another person.

“That’s why everyone is seeing this.”

Cheap and nasty

Mr Pauli said text messaging was ideal for scammers, who looked for maximum reach at the minimum cost.

“It’s normally sent from whichever way they can make a buck and typically that’s via email because it’s cheap,” he said.

Flubot can be difficult to block, Mr Pauli says.(

ABC North West Queensland: Kemii Maguire

)

Mr Pauli said the Flubot scam had already torn through Europe, with the scammers keen to capitalise on the pandemic.

“When you remember the Nigerian Prince email scam, think of it as no different as that,” Mr Pauli said.

Posted , updated