Victims of text scam deluge advised to wipe their phones and change passwords

Government cyber-security agency Cert NZ has issued a strong warning to phone users impacted by malware spread through a deluge of scam texts sent to Spark, Vodafone and 2degrees customers.

Spark warned earlier on Wednesday that it believed a form of malware called a ‘Flubot’ was responsible for the scam texts, and that has been confirmed by Cert NZ.

Cert NZ said in an advisory that Android phone users were receiving texts suggesting they needed to take action about a parcel delivery.

Clicking on a link contained in one of the text messages would result in a “malicious app” being downloaded to their phone, it warned.

“The application attempts to steal your banking and credit card information as well as your contact list, which it uploads to a server to continue spreading itself.

“Once a device has been infected with this malicious app it can result in significant financial losses,” Cert NZ warned.

The app sent out similar scam texts to anyone listed in the victim’s address book and then blocked those numbers so recipients were “unable to respond, to avoid raising suspicion”, Cert NZ said.

It advised anyone who had clicked on the malware to reset their phone to factory settings “as soon as possible”.

“This will delete any data on your phone, including personal data. Do not restore from back-ups created after installing the app. Seek the services of a qualified IT professional if you require assistance,” it said.

Cert NZ warned that victims would also need to change the passwords to all their online accounts “with urgency around their online bank accounts”.

“If you have concerns that your accounts may have been accessed by unauthorised people, contact your bank immediately,” it said.


Spark said the scam texts were designed to propagate to people’s address-book contacts once clicked on.

The Department of Internal Affairs said in a similar warning that it had received “thousands of complaints over the last 24 hours” about the texts.

The three phone companies all confirmed on Wednesday that their customers had been receiving large volumes of scam texts telling them they needed to click on a link to have a delivery redirected.

2degrees was first to raise the alarm on Wednesday morning.

Spokeswoman Andrea Brady said text scams were not unusual but the number of texts being sent out was “quite out of the ordinary”.

“Everyone is being hit,” she said.

Vodafone spokeswoman Nicky Preston and Spark spokeswoman Cassie Arauzo both confirmed their customers were also receiving an unusually large number of scam texts.

Arauzo and Telecommunications Forum chief executive Paul Brislen issued similar advice to Cert NZ, prior to Cert NZ’s advisory.

Brislen said the malware had the potential to cause a lot of damage “at a time when everyone is using courier delivery services”.

Nadia Yousef, an incident manager at Cert NZ, encouraged victims to come forward.

“If people have been affected by these scams, we encourage them to report them to us as soon as they can,” she said.

Tom Pullar-Strecker/Stuff

Vodafone NZ believes the scam messages are being propagated by customers’ phones sending out the texts to contacts in their address book, but says details are still being investigated.

Yousef said people should not feel embarrassed if they got fooled.

“This embarrassment can be a barrier to people seeking help and potentially getting their money back.”

People could protect themselves from frauds by contacting the actual brand scammers were impersonating, through their publicly-listed number, and verifying requests, she said.

Brady said the messages appeared to start on Tuesday afternoon and many customers had received multiple scam texts overnight.

One customer reported 14 different scam texts overnight, she said.

Preston said Vodafone was seeking to take down the websites that the scammers were directing people to visit.

Vodafone and Spark believed phone customers overseas had experienced similar issues.

Brady assumed scammers were seeking to take advantage of the increase in online shopping during the current Covid restrictions.
