One of the things on the rise over the past year while we’ve all been working from home and staying local, is home delivery. From groceries, clothes and takeaways, most areas of delivery services have seen at least a 50% increase year on year in 2020/21.
Unfortunately, it’s also seen a rise in scammers attempting to exploit our complacency over mails and text telling us when our packages will be delivered.
FluBot was first identified in Spain in 2020 but is now on the rise across Europe. It originally began its life masquerading as a message or email from your bank asking you to follow the link to download a new app. But it’s now fraudulently replicating contacts from delivery companies about your upcoming parcel. Very clever and a huge net to cast given the rise mentioned above.
How do they unwittingly draw you in?
It’s a fairly innocuous start, you receive a text message about your upcoming delivery and a “click here to track your parcel” link. Once you do it presents you with an image similar to the image below:
If you DO download the “App” it will potentially allow functionality to be carried out on your device without you knowing including but not limited to:
Intercepting SMS messages
Sending spam SMS messages to your contacts
Displays fake banking apps and credit card phishing screens
Steal your contacts
Opens links without your knowledge
This is currently only exploiting those with Android devices with over half of identified cases running Android 10 OS.