The NZ Government’s cybersecurity arm, CERT NZ, has issued a warning for an SMS scam affecting Android mobile devices. It starts by sending users a text message about a pending or missed parcel delivery, with a link to the delivery website.
Clicking the link installs a malicious app on the victim's phone. “The application attempts to steal your banking and credit card information as well your contact list, which it uploads to a server to continue spreading itself,” CERT NZ warns users.
“Once a device has been infected with this malicious app it can result in significant financial loss.”
Afterwards, 'FluBot', the newly installed malware, will automatically send text messages from the infected to the other contacts it received from other infected devices. After sending the message, the app will now have the phone block the numbers it sent out to, preventing the recipient from responding and raising any suspicions about the app.
“It sends itself to everybody in your address book,” says Paul Brislen, CEO of the Telecommunications Forum, which includes providers like Spark, Vodafone, and 2degrees.
Be wary of any text messages regarding parcels or deliveries you don’t remember, especially if you’re the owner of an Android device.
Your device is affected once you clicked the link, or have successfully installed the app from the link contained in the text message.
CERT NZ strongly advises not to click on the provided link. In case you receive the message and you really are expecting a parcel or delivery, be cautious and track the parcel through your chosen courier’s website instead.
If you get the text message, you may forward it to the Department of Internal Affairs free of charge via 7726.
In the event your phone is compromised, CERT recommends performing a factory reset on your device as soon as possible. Do not restore any personal backup data since you may acquire the same problem as before.
You may also need to change the passwords to all of your online accounts, especially anything related to finance, like your bank account. If you believe your account was already compromised, contact your bank immediately.
Stamping out the problem has been a little complicated for the authorities. The scam is coming from real numbers owned by real people so blocking them can be quite complicated. For now, some recommendations to help prevent further incidents include:
For those who have been looking into getting a more reliable phone or mobile plan, this is the best time to upgrade.
You never know what kind of malware could get into your system if your phone is no longer working properly. Easily compare mobile phone plans if you need to switch to a more reliable provider.
Stay safe and keep an eye out for suspicious activity not just in the outside world, but in the digital space as well.
Looking for a place in Wellington? Compare rental prices to find which one best fits your budget.
Compare mobile phone plans from top providers in New Zealand and find the best mobile plan for you. Kogan, Spark, Skinny, 2degr...
Extremely easy and fast to show suitable and economical choices, and also special promotions , I used it to find the best value and most suitable broadband for my situation. I am very happy with the results and to also see and understand the comparisons between the different businesses and their offerings. Will definitely use Glimp again
Nice experience and helped me found my suitable power, telecom and gas provider.
Fast easy service - was able to tailor to my situation. Would recommend!
Larry G was very helpful when we were setting our internet provider. He was very informative and patient with the process. Glimp is an awesome website when comparing and switching power/internet providers.