The NCSC has given an urgent warning of malicious text messages targeting citizens of the UK.
The attack has been given the monicker “flubot” and consists of fake Package Delivery notifications. Very simple message in the text along the lines of “DHL: Your parcel is arriving, track here:”.
The links, however, are very clearly absolutely nothing to do with any delivery service, let alone DHL who seem to be the spoofed parcel firm.
Example Links
- www[.]webscx[.]com
- elahezare[.]com
- gracetj[.]cn
What’s the risk
The link can tell the difference between different mobile devices and so can display a different threat for Android devices than Apple iOS devices.
For Apple iOS users the link is thought most likely to be a standard phishing approach. Apple users still need to be very much on there guard though as attackers are known to change tactics rapidly.
For Android users the risk is far higher. The link will offer to install the latest DHL mobile application. This is very much a fake and very malicious.
The fake app is designed to record what is typed into the device, specifically looking for sensitive information including passwords. So called SPYWARE.
Just to add to the threat, the fake app accesses the contacts on the device and sends the fake SMS / text to them.
Advice
The most important thing to remember is to NEVER click links in SMS / text messages. I know this seems harsh but it’s really very good advice. Don’t try to figure out if the link is legitimate or not.
Plain and simple, just don’t click links in texts. Ever.
It is always better to go to the company’s / department’s website direct, not using links in text messages.
Example messages
harlekwin 
Discussion
No comments yet.