A fake DHL text message which lures recipients into downloading a mobile app is the latest scam to be extremely vigilant of. The text message, which claims to be from DHL, provides a tracking link for a parcel. Once you click on the link, you are taken to a genuine-looking website and asked to download a ‘tracking app’.

However, this does not download an app and you will be downloading spyware instead, which is a type of malware that steals your personal details while staying hidden in your device.

This particular spyware scam has been labelled ‘Flubot’.

Flubot not only steals personal information, such as passwords, login details and banking information, but it will also send other fraudulent texts to contacts in your phone.

Currently, the scam is only targeting Android users. However, we also urge iPhone users to remain extra vigilant as they could still receive the text and be diverted to a fake website which can still steal your personal information.

What to watch out for

  • Any text message from DHL, and be wary of any links, especially ones which prompt you to download an app.
  • Most delivery companies will provide a time and date of delivery, but that doesn’t mean a message with this information isn’t a scam.
  • Be careful when receiving any communications from any delivery company. There have been similar scams circulating in recent months.
  • Be incredibly cautious when receiving any email relating to cryptocurrencies or Bitcoin, even more so when they are encouraging investment opportunities.

How to avoid falling for these scams

  • If you are not expecting a parcel, be even more vigilant. The chances are it’s a scam.
  • If you are expecting a delivery, and the message appears to be genuine, always check the website URL and make sure it is secure and genuine.
  • Should you be asked to download an app, stop. Get advice from a friend or relative, or even better, contact the company you have placed the order with to confirm whether the message is genuine.
  • Never click on suspicious links and only download legitimate apps from official app stores.

What action should you take?

If you have already fallen victim to the Flubot scam, there are a few steps you must take to protect your passwords and information from hackers:

  • Don’t log into any of your online accounts or enter any passwords or sensitive information into a website on your phone.
  • Perform a factory reset of your device to ‘clean’ it.
  • When you restart your phone, DO NOT restore from backup as this may re-infect your device.
  • Change all your passwords and login details.

Further information and support

  • If you receive a text message you believe to be fraudulent, forward the suspicious text to 7726.
  • If you believe you have been the victim of fraud or identity theft, you should report this directly to Action Fraud on 0300 123 2040.
  • If you think you may have handed over your card details to scammers, please let us know immediately.