
Mobile Operators and Ofcom Warn of Scam DHL and FedEx Text

Friday, April 30th, 2021 (8:55 am) - Score 3,216

We’ve had several of these and there’s a good chance you have too. This week has seen Ofcom and all the major mobile operators – EE, Vodafone, Three UK and O2 – issue warnings to customers about a surprisingly prevalent piece of malware called FluBot, which sends fake DHL or FedEx delivery messages that can infect your phone.

At this point we’ve probably all experienced the occasional SPAM TXT and the idea of including a dodgy link, which can be used for phishing your personal details or to infect your device, is nothing particularly new. Obviously, it’s not the text message itself that’s dangerous, but the link it includes and what happens if you access (click / tap) it.

In this case FluBot generates a fake DHL Delivery message, which includes a link for tracking a non-existent parcel. Like most such scams there’s a strong element of social engineering involved, which may explain why this particular malware (malicious software) has been so successful. Simply put, a lot of people receive parcels from DHL and the inclusion of links in such notifications is common.

The problem this time is made worse because this is more than a mere phishing attempt. If you happen to click that link then FluBot will attempt to infect Android based Smartphones (it won’t infect iOS but does redirect Apple users to a phishing site) with spyware, which hides in the background while snooping on all your sensitive data and credit card details. On top of that it’ll spam infected messages at all your contacts – they’ll love that.

According to a spokesperson for Vodafone, “We’ve seen reports of this across all networks in many countries, and it seems to be growing quickly. Please be vigilant.” At present if you have been infected then the recommended course of action is to factory reset your phone (say bye.. bye to your history if you haven’t done a backup) and to change any passwords associated with services you may have accessed via your phone.

Obviously, if you need to check DHL deliveries then it’s best to visit the official website – https://track.dhlparcel.co.uk – and try to avoid clicking any links in text messages.
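The check described above, written as a small SMS triage filter. This is an added example, not code from ISPreview, Proofpoint or any operator; it flags texts that name a courier but link somewhere other than the courier's own domains. The allowlist beyond track.dhlparcel.co.uk, the function names and the sample messages are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains treated as official. track.dhlparcel.co.uk is the
# tracker named in the article; dhl.com and fedex.com are added here.
OFFICIAL_DOMAINS = {"dhlparcel.co.uk", "dhl.com", "fedex.com"}
BRAND = re.compile(r"\b(dhl|fedex)\b", re.IGNORECASE)
URL = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def host_of(url):
    """Host the link really goes to: drops any user@ prefix and the port."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed link: treat as having no trusted host
        return ""
    return host.rstrip(".")


def is_official(host):
    """True only for an official domain itself or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def triage_sms(text):
    """Return 'no-link', 'official-link', 'brand-lure' or 'other-link'."""
    hosts = [host_of(u.rstrip(".,)")) for u in URL.findall(text)]
    if not hosts:
        return "no-link"
    if all(is_official(h) for h in hosts):
        return "official-link"
    # A courier name plus a link that leaves the courier's own domains is
    # the delivery-text pattern described in the article.
    return "brand-lure" if BRAND.search(text) else "other-link"


# Constructed sample messages (not real FluBot texts or infrastructure).
SAMPLES = [
    "DHL: Your parcel is arriving, track here: http://dhl-parcel.example/p/?a1b2",
    "FedEx: delivery update https://track.dhlparcel.co.uk.parcel-check.example/t",
    "DHL: https://track.dhlparcel.co.uk@198.51.100.7/t",
    "DHL: track at https://track.dhlparcel.co.uk/?id=1.",
    "Dentist reminder: see https://www.example.org/appointments",
    "Your parcel will arrive today between 2pm and 4pm.",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(f"{triage_sms(sms):14} {sms}")
```

An `official-link` result only says where the link points; it says nothing about who sent the text, so typing the tracker address yourself remains the safer route.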

A Closer Look at FluBot

So far as we can tell, this particularly ugly and effective piece of malware first cropped up in Spain toward the end of last year and has since spread rapidly across the rest of the EU and UK, particularly over the past couple of months. Many of the people we know have received such a message, in a few cases multiple times, and indeed so have we. The names of various delivery companies are used, but DHL and FedEx are the most common.

According to security researchers at Proofpoint, the FluBot versions analysed impact at a minimum Android SDK version 7.0 and target Android SDK version 9.0. The good news is that Android requires users to grant permission before an untrusted app can do anything, thus if you do click the link then it’ll usually prompt you with a few access request windows first (i.e. this is a last chance to stop the malware and deny it access).

Proofpoint Statement:

“Once given the permissions, both FluBot versions act as spyware, SMS spammer, and credit card and banking credential stealers all in one. Reaching out to the C2 server, the malware sends the victim’s contact list and retrieves an SMS phishing message and number to continue its spread using the victim’s device.

Additional functionality includes intercepting SMS messages, USSD messages from the telecom operator, and app notifications, opening pages on a victim’s browser, disabling Google Play Protect to prevent its detection, opening a SOCKS connection and creating a SOCKS proxy for communication depending on the C2 request, and uninstalling any app as directed by the C2. The malware also uses the system’s “locale.getLanguage()” to set the text language for interfacing with the victim, ensuring they will be none the wiser when they encounter notifications.

Another key part of the malware’s functionality is its ability to install display overlays for various banking apps and Google Play verification. When the malware has captured the victim’s credit card information, the card number format is validated locally and then sent to the C2 for exploitation.”

If you do receive the message then you should report the text by forwarding it to text number 7726 (recognised by UK operators) and then delete it. As a general rule, try to avoid clicking links that are sent to you via a text message. Instead, try to find an alternative route to check if the information is correct, such as going directly via an official website etc.

By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on Twitter, Facebook and Linkedin.
7 Responses
  1. adslmax says:

    Sick and tired of scam email, landline phone calls, mobile calls, mobile SMS

    DO BLOODY SOME THING TO STOP THIS GOVERNMENT

    1. Anonymous says:

      See recent alert from Ofcom saying “don’t trust caller ID”.

      Just astounding.

  2. Paul says:

    If you can copy the link without clicking it, say by retyping the URL, it's a good idea to submit the URL here:

    https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en

    Once reviewed, most browsers then seem to block the URL from loading (explained here: https://developers.google.com/safe-browsing/).

    Sometimes phishing URLs only work from a mobile phone, so don’t be surprised if you do happen to click them and they do nothing (though best not to click them).

    1. Ugbenyen Precious says:

      This happened to me three times; I live in Germany

  3. timeless says:

    My ISP is almost spamming this warning on Twitter daily, warning users about this.

    1. JP says:

      Good on them, it will cost them more to not act.

  4. JP says:

    I think it's time to educate the masses and set a regulation for communications with users/customers.

    If communications between companies and customers are restricted to just text-only notifications of informative purpose and not instructive purposes and everybody can understand this then the expectation of clicking or responding is moot.

    We’ve just spent a year being brainwashed by covid related messages and demands, so why not extend this to protect people from a war that rages on ‘virtually’

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved