
Mobile Operators and Ofcom Warn of Scam DHL and FedEx Text

Friday, Apr 30th, 2021 (8:55 am) - Score 8,648

We’ve had several of these and there’s a good chance you have too. This week has seen Ofcom and all the major mobile operators – EE, Vodafone, Three UK and O2 – issue warnings to customers about a surprisingly prevalent piece of malware called FluBot, which sends fake DHL or FedEx delivery messages that can infect your phone.

At this point we’ve probably all experienced the occasional SPAM TXT and the idea of including a dodgy link, which can be used for phishing your personal details or to infect your device, is nothing particularly new. Obviously, it’s not the text message itself that’s dangerous, but the link it includes and what happens if you access (click / tap) it.

In this case FluBot generates a fake DHL Delivery message, which includes a link for tracking a non-existent parcel. Like most such scams there’s a strong element of social engineering involved, which may explain why this particular malware (malicious software) has been so successful. Simply put, a lot of people receive parcels from DHL and the inclusion of links in such notifications is common.

The problem this time is made worse because this is more than a mere phishing attempt. If you happen to click that link then FluBot will attempt to infect Android based Smartphones (it won’t infect iOS but does redirect Apple users to a phishing site) with spyware, which hides in the background while snooping on all your sensitive data and credit card details. On top of that it’ll spam infected messages at all your contacts – they’ll love that.

According to a spokesperson for Vodafone, “We’ve seen reports of this across all networks in many countries, and it seems to be growing quickly. Please be vigilant.” At present if you have been infected then the recommended course of action is to factory reset your phone (say bye.. bye to your history if you haven’t done a backup) and to change any passwords associated to services you may have accessed via your phone.

Obviously, if you need to check DHL deliveries then it’s best to visit the official website – https://track.dhlparcel.co.uk – and try to avoid clicking any links in text messages.

A Closer Look at FluBot

So far as we can tell, this particularly ugly and effective piece of malware first cropped up in Spain toward the end of last year and has since spread rapidly across the rest of the EU and UK, particularly over the past couple of months. Many of the people we know have received such a message, in a few cases multiple times, and indeed so have we. The names of various delivery companies are used, but DHL and FedEx are the most common.

According to security researchers at Proofpoint, the FluBot versions analysed impact at a minimum Android SDK version 7.0 and target Android SDK version 9.0. The good news is that Android requires users to grant permission before an untrusted app can do anything, thus if you do click the link then it’ll usually prompt you with a few access request windows first (i.e. this is a last chance to stop the malware and deny it access).

Proofpoint Statement:

“Once given the permissions, both FluBot versions act as spyware, SMS spammer, and credit card and banking credential stealers all in one. Reaching out to the C2 server, the malware sends the victim’s contact list and retrieves an SMS phishing message and number to continue its spread using the victim’s device.

Additional functionality includes intercepting SMS messages, USSD messages from the telecom operator, and app notifications, opening pages on a victim’s browser, disabling Google Play Protect to prevent its detection, opening a SOCKS connection and creating a SOCKS proxy for communication depending on the C2 request, and uninstalling any app as directed by the C2. The malware also uses the system’s “locale.getLanguage()” to set the text language for interfacing with the victim, ensuring they will be none the wiser when they encounter notifications.

Another key part of the malware’s functionality is its ability to install display overlays for various banking apps and Google Play verification. When the malware has captured the victim’s credit card information, the card number format is validated locally and then sent to the C2 for exploitation.”

If you do receive the message then you should report the text by forwarding it to text number 7726 (recognised by UK operators) and then delete it. As a general rule, try to avoid clicking links that are sent to you via a text message. Instead, try to find an alternative route to check if the information is correct, such as going directly via an official website etc.
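The advice above (check a delivery via the official website rather than the link in the text) can be automated when triaging reported messages. The sketch below is an added example, not code from ISPreview, Proofpoint or the operators; the allowlist beyond track.dhlparcel.co.uk and all sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist: track.dhlparcel.co.uk is the site named in the article;
# dhl.com and fedex.com are the carriers' main domains. Extend per region.
OFFICIAL = {"DHL": {"dhlparcel.co.uk", "dhl.com"}, "FedEx": {"fedex.com"}}
URL_RE = re.compile(r'\b(?:https?://|www\.)[^\s<>"]+', re.IGNORECASE)


def hosts_in(text):
    """Return the lowercased hostname of every link in an SMS body."""
    hosts = []
    for raw in URL_RE.findall(text):
        raw = raw.rstrip(".,;:!?)")  # sentence punctuation glued to the link
        try:
            host = urlsplit(raw if "://" in raw else "http://" + raw).hostname
        except ValueError:  # malformed authority, e.g. unbalanced brackets
            continue
        if host:
            hosts.append(host.lower())
    return hosts


def is_official(host, domains):
    """Exact match or true subdomain, so 'dhl.com.x.example' does not pass."""
    return any(host == d or host.endswith("." + d) for d in domains)


def triage(text):
    """Return 'no-link', 'official-link', 'unverified-link' or 'suspicious'."""
    hosts = hosts_in(text)
    if not hosts:
        return "no-link"
    brands = [b for b in OFFICIAL
              if re.search(rf"\b{re.escape(b)}\b", text, re.IGNORECASE)]
    if not brands:
        return "unverified-link"  # link present, but no carrier name to check
    allowed = set().union(*(OFFICIAL[b] for b in brands))
    if all(is_official(h, allowed) for h in hosts):
        return "official-link"
    return "suspicious"  # carrier named, link points somewhere else


# Constructed sample messages (not real FluBot lures or indicators).
LOOKALIKE = "DHL: Your parcel is arriving, track here: http://dhl.com.parcel-track.example/p/?x7k2"
GENUINE = "Your DHL parcel is on its way. Track it at https://track.dhlparcel.co.uk."
if __name__ == "__main__":
    for sms in (LOOKALIKE, GENUINE):
        print(triage(sms), "|", sms)
```

The suffix check matters because a lure can place the carrier's real domain at the start of a longer hostname; only a match on the registered domain at the end counts.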

By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments.
8 Responses
  1. adslmax says:

    Sick and tired of scam email, landline phone calls, mobile calls, mobile SMS


    1. Anonymous says:

      See recent alert from Ofcom saying “don’t trust caller ID”.

      Just astounding.

  2. Paul says:

    If you can copy the link without clicking it, say by retyping the URL, it’s a good idea to submit the URL here:


    Once reviewed, most browsers then seem to block the URL from loading (explained here: https://developers.google.com/safe-browsing/).

    Sometimes phishing URLs only work from a mobile phone, so don’t be surprised if you do happen to click them and they do nothing (though best not to click them).

    1. Ugbenyen Precious says:

      This has happened to me three times. I live in Germany.

  3. timeless says:

    my ISP is almost spamming this warning on twitter daily warning users about this.

    1. JP says:

      Good on them, it will cost them more to not act.

  4. JP says:

    I think it’s time to educate the masses and set a regulation for communications with users/customers.

    If communications between companies and customers are restricted to just text-only notifications of informative purpose and not instructive purposes and everybody can understand this then the expectation of clicking or responding is moot.

    We’ve just spent a year being brainwashed by covid related messages and demands, so why not extend this to protect people from a war that rages on ‘virtually’

  5. John Bevan says:

    FYI: There are apps out there which look up the caller against a database of known / suspected fraud/spam numbers, and flag any calls/messages as such.

    For those on Android, there’s this offering from Google (and many similar alternatives by others are available if you have a preference)
