What’s happened?
We are aware that a significant number of people across the UK have been targeted with an SMS message that has been faked to look as if it has come from a delivery service. The message instructs you to download a file so that you can track a parcel. While initial messages claimed to be from DHL (see example below), the scam has also taken on other company brands including Asda, Amazon and Argos, to name a few.
If you click on this link on an Android phone and download the file, it will attempt to install malware on your phone. If the file is installed, the malware will gain permissions on the phone, including the ability to intercept and send SMS messages, and will attempt to capture online banking details.
This fraudulent attack has affected all network operators, and as an industry, we are advising customers to be vigilant and careful about clicking on any links received in an SMS.
Advice for customers
If you have received the message but have taken no further action, i.e. you have not clicked on the link in the message:
You should simply delete the message (if you wish to report this or any other fraudulent message you can also forward it free of charge to 7726).
If you have received the message and have clicked on the link but not downloaded the file:
Your phone will not be infected with the malware. You should simply delete the message. If you wish to report this or any other fraudulent message you can also forward it free of charge to 7726.
If you have received the message and have clicked on the link and downloaded the file on an Android device:
You should be advised that your contacts, SMS messages and online banking details (if present) may have been accessed and that these may now be under the control of the fraudster.
If this is the case, in line with industry advice, we strongly advise that you perform a factory reset immediately. Failure to do this will leave you at continuing risk of exposure to a fraudster accessing personal data.
When you set up the device after the reset, it may ask you if you want to restore from a backup. You should avoid restoring from any backups created after you downloaded the app, as they will also be infected.
Please note that if you don’t have backups enabled, you will lose data such as photos, downloads and contacts.
For further protection:
If you are using online banking on the device you should contact your bank immediately, advise them what has happened and ask for further guidance.
You should change any password that is stored on the device, for example in an SMS, notes or contacts.
You should change the password for any app or online service if it was entered whilst the fraudulent app was installed.
If your device has been infected with the Flubot malware and you’ve been charged for SMS messages outside your plan, we will refund you as soon as possible. Please contact us.
What if I have received the message and clicked on the link / downloaded the file on a non-Android device?
Your device will not have been affected by attempting to download the file and you should delete the message.
To protect yourself from future scams like this, you should:
Back up your device to ensure you don’t lose important information like photos and documents.
Only install new apps onto your device from the app store that your manufacturer recommends.
For Android devices, make sure that Google’s Play Protect service is enabled if your device supports it. Some Huawei devices provide a similar tool to scan devices for viruses. This will help identify if there is any malware on your device.