This scam message promises details on an online order out for delivery with DHL – but when phone owners click on the link to get the delivery information, they’re taken to a spam website that tries to download malware to their device. If you use an iPhone, the malware isn’t able to infect your device, so there’s no risk visiting the website. That’s because Apple doesn’t allow users to install apps from the web – with only the App Store able to install new software. However, if you’re using an Android smartphone or tablet and click on the link – you will kickstart a download of FluBot.
The ability to download apps using files known as APKs is something that leads many people to pick Android over iPhone. It means you’re not restricted to a single App Store and can download software that customises the operating systems in ways that Google or Apple might not allow. However, downloading from outside of the Google Play Store or App Store carries some risks.
Worse still, if your Android device is infected, FluBot will raid your contact details to send out more fake DHL, Hermes or other delivery scams to try to keep spreading the spyware.
If you’re reading this a little too late and already clicked on the link – it’s easy enough to do, especially if you’ve been shopping in the sales online and have lost track of which couriers will be handling your orders – the team at Sky Mobile has some advice about your next steps. In its blog, it warns: “If you’ve already followed a link and given any details and/or agreed to download anything, your phone might be infected with malware.
“The mobile industry recommends you factory reset your device to remove it. After that, avoid restoring from any back-ups you created after the phone was infected to ensure any malware is completely removed. Android users should avoid downloading third-party apps from unknown sources via Settings and ensure the Google Play Protect function is on. If you gave any bank details or used banking apps on your phone, we also recommend informing your bank.”
The Money Advice Service warns that “smishing can be difficult to spot, particularly if it’s someone who would normally contact you by text. But, like email scams, there are some tell-tale signs. For example, there might be spelling mistakes or the text just addresses you as Sir or Madam. Real messages from these companies will usually address you by your full name.
The Money Advice Service, which is the largest single funder of debt advice nationwide, warns anyone who is suspicious of these messages to avoid clicking on any links found in the text. If in doubt, go directly to the website and login as normal – navigating to the DHL order tracking webpage of your own volition and inputting the order number from the text will soon rumble it as a fake.
This post originally appeared on Daily Express :: Life and Style Feed