What is the Flubot scam?

The Flubot scam will send your mobile phone a text message asking you to tap on a link to download an app to listen to a voicemail or request information for parcel delivery. If the app is downloaded it will be able to access information on your phone and even send messages or make calls to your contacts. It will also ask other infected Australian Mobile phones to send Flubot messages to contacts it steals from your phone, therefore expanding the scam. 

Installing this app is also likely to give scammers access to your passwords and accounts where they may be able to use this information to steal your money or personal information.

It is important to remember that this message is fake and there is actually no voicemail or delivery that you need to address. The app is malicious software. If you receive one of these messages it is vital, that you do not click on the link and delete the message immediately. 


What do the messages look like?

Flubot messages are usually referring to DHL or Amazon deliveries but this may not always be the case. The messages have previously come in the form of a missed call and voicemail text message.  


Messages can include:

  • scheduling a delivery time
  • tracking a delivery
  • managing a delivery that is ‘in transit’ or will be 'delivered soon'
  • telling you it's your last chance to arrange pick up/delivery of a parcel
  • asking you to enter your details to receive a package
  • getting 'more information' about your delivery.
  • Missed call with a voicemail message via text message

Unlike earlier Flubot messages (which are also still circulating), the new text messages may not contain spelling mistakes, so they can be harder to spot. However, they do contain a website link followed by 6-8 random letters and numbers


Examples of a Flubot message


Flubot Scam1


How can I protect myself?

  • Do not click on the links in text messages that say you have a voicemail, missed call or parcel delivery
  • Do not call back the individual who sent the text. It’s unlikely that they are a scammer or criminal. Scammers can disguise their caller ID as legitimate numbers to carry out these scams. This is also known as spoofing.
  • Immediately delete the message when received


What do I do if I download the Flubot?

You must act immediately. Once the link has been clicked on and the application downloaded your passwords and online accounts are at risk of being hacked.

Don’t enter any passwords or log into any account until you have contacted an IT professional. 

Change your passwords immediately to ensure other accounts are not affected.  

Source: ACCC – Scam watch