Te Tari Taiwhenua Department of Internal Affairs want to make the public aware of a large-scale malware scam which has
generated thousands of complaints over the last 24 hours.
The scam involves people being sent a text message indicating you have a parcel that is out for delivery, or that has
failed, with a link included. This link is to a website that asks the recipient to download a new application to their
phone.
Upon downloading the application, the recipient’s phone will become infected with a piece of malware called “Flubot”. If
installed, it uses malware to steal personal information from your phone including banking details, passwords, and other
sensitive information.
The app then accesses your contacts and sends their details to the perpetrators of the scam and send additional text
messages from your device to other people's contacts, further spreading the scam.
Joe Teo, Manager of the Digital Messaging and Systems Team said that “The scam appears to be impacting mobile network
operators across New Zealand”.
“We have seen similar text scams featuring the “Flubot” malware being detected globally in recent weeks including in
Australia”.
If you received one of the below scam text messages, or a text from an unknown sender, do not click any hyperlinks
included in the message. Simply report the text spam for free on your phone by forwarding the spam text message to 7726. The Department will contact you with details on how to complete a report.
“The Department is working closely with the mobile network operators and other government agencies including CERT NZ and
NZ Police to develop a strong multi agency collaborative approach to this scam” said Teo
If you have already downloaded the app, do not log into any accounts until you have taken the following steps:
· Perform a factory reset on your device as soon as possible. When you start up your device after the reset, it may ask
you if you want to restore from a backup. Do not restore from any backups created after you downloaded the app, as they
will also be infected.
· Change your passwords to any accounts or apps that you logged into after downloading the app
For more information about preventing malicious software from infecting your device or advice on what to do if you have
become a victim of a malware scam, contact CERT NZ at cert.govt.nz or call 0800 2378 69.How to report a spam message
Email Spam: If the email has no attachments then you can complete a short online form on our website. If the email has attachments or may be malicious you can simply forward it us.
Text Spam: You can report text spam for free on your phone by forwarding the spam text message to 7726. The Department will contact
you with details on how to complete a report.Help and GuidanceDepartment of Internal Affairs:
· If you want more information about what to do if you receive spam please check out our factsheet.
· For more information about how to avoid being exposed to spam and online scams you can visit our webpage here.
· For more information about what to do if you’ve been victim of a scam check out our factsheet.
Netsafe: If you want more information about harassment and abuse under the Harmful Digital Communications Act and all types of
scams you can visit https://www.netsafe.org.nz/
Consumer Protection: For more information about how to minimize the impact of spam and scams visit Consumer Protection on www.consumerprotection.govt.nz
CERT NZ: For more information about cyber-attacks and malware visit cert.govt.nz or call 0800 2378 69.