MAJOR mobile networks including EE, Vodafone, Three and O2 are warning customers about a new text message scam.
The message, which pretends to be from delivery firm DHL, asks users to install a tracking app – but it's actually a form of malware.
Known as Flubot, it can take over your device if you click on any links to gather personal data, including online banking details.
It can also eavesdrop on incoming notifications, read and write SMS, make calls and transmit your entire contact list back to its contact centre.
Vodafone said millions of the text messages have already been sent across all networks, and it's now urging customers to be "especially vigilant".
It's also telling users who've received the messages and clicked on the links to stop using the device, reset it to factory settings and restart it.
Its rivals Three, EE and O2 have all issued similar warnings on social media in recent days and shared pictures of the fake messages.
O2, for example, tweeted: "We’ve become aware of a new fake text/SMS scam that is going around called Flubot.
"We're advising our customers to be vigilant and forward anything suspicious to 7726."
By forwarding any suspicious messages to 7726, which is a free reporting service run by telecoms regulator Ofcom, the links can be tracked.
Once you've reported it, it's best to delete the message from your phone.
How to spot a scam
BY keeping these things in mind, you can avoid getting caught up in a scam.
- A genuine bank or organisation will never ask you to hand over your PIN, cards, cash, or transfer money to a new account.
- Look for grammatical and spelling errors; fraudsters are notoriously bad at writing proper English. If you receive a message from a “friend” informing you of a freebie, consider whether it’s written in your friend’s normal style.
- If you’re invited to click on a URL, hover over the link to see the address it will take you to – does it look genuine?
- To be on the really safe side, don’t click on unsolicited links in messages, even if they appear to come from a trusted contact.
- Be careful when opening email attachments too. Fraudsters are increasingly attaching files, usually PDFs or spreadsheets, which contain dangerous malware.
- Check that the phone number is genuine. You’ll find company telephone numbers on bills, statements or their website.
- Don’t rely on the caller display on your phone or SMS messages pertaining to be from your bank – fraudsters can manipulate these. Just because the number on the back of your card is the same, it doesn’t mean it’s the bank calling.
- Check that the website is secure and read reviews. Before you enter any sensitive information (such as payment details), look for "https" at the start of the website address – and a padlock or key icon next to the address bar on your device.
If you've fallen for the scam, follow the instructions from Vodafone and contact Action Fraud on 0300 123 2040 or use its online fraud reporting.
You should also let your bank know.
The UK's National Cyber Security Centre is urging victims not to log into any accounts on their phones until they've reset the device.
The malware is currently only affecting Android phones, although Apple users may still be directed to a scam website through the messages.
This is due to the way the malware is downloaded and installed.
A Vodafone spokesperson told The Sun: "We are aware of the Flubot SMS scam, and are advising customers to be especially vigilant with this particular piece of malware and to always be very careful about clicking on any links received in an SMS.
"The best advice if you’re unsure is to ignore, report, and delete.
"We will refund any customers who have plans that have resulted in them being charged for SMS messages sent by the malware."
Customers with the UK's major banks are also being warned about phoney text message scams – we explain how to spot they're fake.
Last month, fraudsters used the census survey to target vulnerable Brits to scam them out of thousands of pounds.
We also reported how scammers are targeting the millions of shoppers waiting for a parcel with a new Royal Mail text message con.
Source: Read Full Article