The NZ Government’s cybersecurity arm, CERT NZ, has issued a warning for an SMS scam affecting Android mobile devices. It starts by sending users a text message about a pending or missed parcel delivery, with a link to the delivery website.
Clicking the link installs a malicious app on the victim's phone. “The application attempts to steal your banking and credit card information as well as your contact list, which it uploads to a server to continue spreading itself,” CERT NZ warns users.
“Once a device has been infected with this malicious app it can result in significant financial loss.”
Afterwards, 'FluBot', the newly installed malware, automatically sends text messages from the infected device to contacts it received from other infected devices. After sending a message, the app has the phone block the number it was sent to, preventing the recipient from responding and raising any suspicions about the app.
“It sends itself to everybody in your address book,” says Paul Brislen, CEO of the Telecommunications Forum, which includes providers like Spark, Vodafone, and 2degrees.
Be wary of any text messages regarding parcels or deliveries you don’t remember, especially if you’re the owner of an Android device.
Your device is affected once you have clicked the link or have successfully installed the app from the link contained in the text message.
CERT NZ strongly advises not to click on the provided link. In case you receive the message and you really are expecting a parcel or delivery, be cautious and track the parcel through your chosen courier’s website instead.
If you get the text message, you may forward it to the Department of Internal Affairs free of charge via 7726.
In the event your phone is compromised, CERT recommends performing a factory reset on your device as soon as possible. Do not restore any personal backup data, since doing so may bring back the same problem as before.
You may also need to change the passwords to all of your online accounts, especially anything related to finance, like your bank account. If you believe your account was already compromised, contact your bank immediately.
Stamping out the problem has been complicated for the authorities. The scam messages come from real numbers owned by real people, so blocking them is difficult. For now, some recommendations to help prevent further incidents include:
For those who have been looking into getting a more reliable phone or mobile plan, this is the best time to upgrade.
You never know what kind of malware could get into your system if your phone is no longer working properly. Easily compare mobile phone plans if you need to switch to a more reliable provider.
Stay safe and keep an eye out for suspicious activity not just in the outside world, but in the digital space as well.