Australian technology news, reviews, and guides to help you
Australian technology news, reviews, and guides to help you

Flubot scam messages increase, what’s being done

A scam scourge is facing Australia, with numbers on the increase. What’s being done about it?

Depending on how lucky or unlucky you see yourself, you might be getting a wave of text messages you don’t actually want notifying you of a voicemail you don’t actually have.

It’s a problem that’s growing, with mobile users in Australia (and indeed, the rest of the world) under attack from a form of messaging linking users to dodgy sites communicating a virus. Specifically, that virus is a fake app that installs itself to Android devices and is used as a way of stealing private information but also replicating itself, sending more text messages as others are infected.

Telstra noted last week what was going on, but in recent days, the number of these messages have increased, with the scam messages coming in bigger waves.

We already know that the months in lockdown are doing big numbers for scams and scammers, as the ACCC’s Scamwatch program tracks big numbers of reports as we head to isolation, something overseas scammers seem to know all too well.

However these fake voicemail messages are becoming so frequent, they’re already a pest impacting the day-to-day even in lockdown. So what’s being done about it?

Telstra goes on the defensive

Telstra is working on it, though wouldn’t say too much, as it could give clues to the perpetrators of these attacks.

Essentially, Telstra’s Cleaner Pipes security project — which uses machine learning to prevent a lot of scam messages and calls from coming through its networks — is on the task, but like all machine learning problems, it’s one that will take time for it to understand.

Arriving with intentionally misspelled words and randomness, not to mention different phone numbers, these Flubot messages aren’t necessarily easy for an AI system to combat, so Telstra is working on it.

Optus WiFi Secure provides a different layer of defence

Checking in with Optus, we found a different possible type of defence in play, but one that only affects you if you happen to be at home.

If you’re someone who subscribes to the Optus and McAfee collaboration at home, Optus WiFi Secure, the telco told Pickr that its solution will block the links these messages try to connect you to.

“It’s important to note that WiFi Secure protects customers within the home, when connected to their router. In these circumstances, it works regardless of whether the link is sent via email, SMS or through a web browser,” a spokesperson for Optus told Pickr.

Optus WiFi Secure works from inside a home where it runs only, operating much like a security system for a home, as opposed to a security system for the entire mobile network. As such, it means subscribers accidentally clicking on dodgy links are somewhat protected at home, but will lose that protection when they leave the home.

Telcos are working on it

Unfortunately, the fake voicemail Flubot scam is one that every telco is seeing, with subscribers on every mobile network seeing messages. Flubot has been hitting more places than just Australia, though, with Avast noting its presence earlier in the year.

It’s not just Aussies dealing with this, frustratingly.

Whether you use Optus, Telstra, or Vodafone, there’s a good chance there’s a telco support page noting what the scam is and how it works. We’ve found one over at Telstra, while there’s another at
Vodafone.

In short, telcos are aware of these, and are actively working on solutions, but it will take time. You might receive a lot of messages, but know the telcos are doing what they can, even as the numbers increase.

While iPhone users will see this largely as a pest, Android users are the real target here, and they need to be more vigilant and delete. In short, regardless of what phone you have, if someone sends you these random voicemail messages, delete them.

If you see new text messages advising you of voicemails through a random link, don’t click. Just delete.

Read next