Warning after deluge of scam
Government cyber-security agency Cert NZ has issued a strong warning to phone users impacted by malware spread through a deluge of scam texts sent to Spark, Vodafone and 2degrees customers.
Spark warned earlier yesterday that it believed a form of malware called a ‘Flubot’ was responsible for the scam texts, and that has been confirmed by Cert NZ.
Cert NZ said Android phone users were receiving texts suggesting they needed to take action about a parcel delivery. Clicking on a link contained in one of the text messages would result in a ‘‘malicious app’’ being downloaded to their phone, it warned.
‘‘The application attempts to steal your banking and credit card information as well your contact list, which it uploads to a server to continue spreading itself.’’
The app sent out similar scam texts to anyone listed in the victim’s address book and then blocked those numbers so recipients were ‘‘unable to respond, to avoid raising suspicion’’, Cert NZ said.
It advised anyone who had clicked on the malware to reset their phone to factory settings ‘‘as soon as possible’’.
‘‘This will delete any data on your phone, including personal data. Do not restore from back-ups created after installing the app. Seek the services of a qualified IT professional if you require assistance.’’
Cert NZ warned that victims would also need to change the passwords to all their online accounts ‘‘with urgency around their online bank accounts’’.
‘‘If you have concerns that your accounts may have been accessed by unauthorised people, contact your bank immediately,’’ it said.
The Department of Internal
Affairs said in a similar warning that it had received ‘‘thousands of complaints over the last 24 hours’’ about the texts.
The three phone companies all confirmed yesterday that their customers had been receiving large volumes of scam texts telling them they needed to click on a link to have a delivery redirected.
2degrees was first to raise the alarm yesterday morning. Spokeswoman Andrea Brady said text scams were not unusual but the number of texts being sent out was ‘‘quite out of the ordinary’’.
Vodafone spokeswoman Nicky Preston and Spark spokeswoman Cassie Arauzo both confirmed their customers were also receiving an unusually large number of scam texts.
Arauzo and Telecommunications Forum chief executive Paul Brislen Brislen said the malware had the potential to cause a lot of damage ‘‘at a time when everyone is using courier delivery services’’.