A text message scam that affects Android phones has been widely reported in the UK. The message purports to be from a package delivery service and directs users to a link to install a tracking app, but this is actually a malicious piece of spyware.
The ‘FluBot’ spyware scam, as it has been dubbed, has the capacity to spy on phones and collect sensitive information, such as online banking details or account passwords. It can also send text messages to an infected device’s contacts, helping the scam to spread further.
The National Cyber Security Centre (NCSC) has published information about the text messaging threat. If users receive a spam text message, they should ‘Forward the message to 7726, a free spam-reporting service provided by phone operators’ and then delete the message. The NCSC also provides advice on what to do if you have been affected by the FluBot scam in the same article.
According to the NCSC, ‘Users of Apple devices are not currently at risk, although the scam text messages may still redirect them to a scam website which may [...] steal [their] personal information’.
Though scam text messages about package deliveries are prevalent, they are most commonly centred around phishing – where users are led to fill in a form with sensitive information that can then be used for the purposes of fraud or identity theft. As such, the FluBot spyware scam is seen to be more serious as it directly attempts to install harmful software onto a device and has widely spread across various regions, such as Spain, Germany and Poland.
Multiple phone network operators, such as EE, Vodafone and Three have issued warnings about the scam as well, and have asked users to be careful when clicking on any links in text messages.
Ben Wood, chief analyst at CCS Insight, a market research firm that focuses on the mobile and wireless sector, said: ‘This has the potential to become a denial-of-service attack on mobile networks, given the clear risk that a rogue application can be installed on users' smartphones and start spewing out endless text messages’. He also noted that the ‘broader risk for users is a loss of highly sensitive personal data from their phones’.