Beware of the Flubot scam.

First reported to the ACCC in early August 2021, many Australians have received Flubot scam text messages about missed calls, voicemails or parcel deliveries with the aim to get your personal details.

With 12,000 reports of this scam so far, here's what you need to know and how to avoid getting caught out.

What is the Flubot scam?

The Flubot scam will send your Android phone or iPhone a text message asking you to tap on a link to download an app to track or organise a time for a delivery or listen to a voicemail message. This message is fake, there is no delivery or voicemail, and the app is actually malicious software that may read your text messages, send texts from your phone, make calls from your number and access your contacts.

Installing this app is also likely to give scammers access to your passwords and accounts where they may be able to use this information to steal your money or personal information.

It will also ask other infected Australian phones to send Flubot messages to the numbers it steals from your phone, continuing and expanding the scam.

It is crucial that if you receive one of these messages, you do not click or tap on the link. Delete the message immediately.

What the scam messages look like.

Flubot scam messages usually refer to DHL and Amazon and always ask you to take some form of action in relation to the 'delivery'.

Messages can include:

  • Scheduling a delivery time.
  • Tracking a delivery.
  • Managing a delivery that is 'in transit' or will be 'delivered soon'.
  • Telling you it's your last chance to arrange pick up/delivery of a parcel.
  • Asking you to enter your details to receive a package.
  • Getting 'more information' about your delivery.

Examples of a Flubot message.

How to protect yourself.

  • Do not click on links in text messages saying you have a voicemail or missed call.
  • Do not call back the individual who sent the text. They are likely to be a scammer or criminal. Scammers can disguise their caller ID as legitimate numbers to carry out these scams. This is also known as spoofing.
  • Delete the message immediately.

If you've downloaded the Flubot app, take immediate action.

If you think you've downloaded the Flubot it is important that you act quickly as your passwords and online accounts may be at risk from hackers.

Do not enter any passwords, or log into any accounts and immediately contact your bank and other financial institutions to ensure your accounts are secure.

You will also need to clean your device to remove the malicious app which a factory reset can do. Visit the Scamwatch website for further information and instructions on how to do a factory reset.


Important note: This information is of a general nature and is not intended to be relied on by you as advice in any particular matter. You should contact us at Defence Bank to discuss how this information may apply to your circumstances.

More in this category:
All articles.