My Credit Union

Print

Updated: 22 September 2021

The number and frequency of scams is increasing. The best way you can avoid being scammed is to be informed and know what to look for and how to protect yourself. To help you, we’ve provided further information on the many types of scams, how to spot them and how to avoid them at www.imb.com.au/security. There is even more helpful information on the ACCC’s Scamwatch page at https://www.scamwatch.gov.au.

This page details the latest type of scams as they arise, so you can stay up to date.
 

Missed delivery, call or voicemail (‘Flubot’) scam

The ‘Flubot’ scam is a type of ‘phishing’ scam that was first reported in early August 2021. To date, the ACCC has received over 12,000 reports of the scam from the general public and IMB wants its members to be aware of how this scam works. The scam uses text messages (SMS) to download malware onto your phone. The malware at present particularly affects Android phones, although iPhones are also being targeted.

How does the ‘Flubot’ scam work?

You receive a text message about voicemails, missed calls or, more recently, parcel deliveries from Australia Post, DHL or another reputable organisation. All messages will contain a link and instruct you to click the link or download an app to check a voicemail, track a parcel, schedule a delivery time etc.

IMPORTANT: If you click the link and download the app presented, the phone will be infected with malware.

Once installed, the application is able to read and send text messages, make calls and access contacts which are uploaded to a central server then targeted with similar Flubot scam texts.

The application page that the links send you to can look legitimate. Here is an example:

Further examples of what the SMS messages can look like and what to do if you think you have downloaded the scam are available at https://www.scamwatch.gov.au/news-alerts/missed-call-or-voicemail-flubot-scams.

How can the Flubot scam steal money?

Once the malware has been downloaded it has access to all typed passwords and data, which can ultimately lead to theft.

Plus, the scammers’ strategy and tactics are evolving quickly, so Flubot may change, and these phishing text messages may come from other reputable organisations or your bank, substituting home screens for web pages or apps with convincing fraudulent copies, as in the fake-DHL illustration above. There have been cases of this occurring overseas.

REMEMBER: Once cyber-criminals have your passwords, they can steal from your bank accounts.

CHECKLIST: Avoid the ‘Flubot’ scam

✓   Does the SMS look legitimate?

  • Voicemail scam Your voicemail is never an external link or app. Do not open the SMS or click the link. Delete it immediately.
  • Delivery or Tracking scam Do you have a parcel coming? If so, do not open the SMS and instead check via the supplier’s website where you made the order. Do not open the SMS or click the link. Delete it immediately.

✓   NEVER click on links in text messages (SMS)

  • Simply: do NOT click on links or download buttons.

✓   Remain vigilant with your interactions on your phone and computer

 

Remote Access Scams

Unlike hacking scenarios, which will usually occur without your direct involvement or prior knowledge, Remote Access Scams (also known as Technical Support Scams) involve a scammer contacting you directly to deceive you into giving them access to your device and personal data over the phone, through email or text or through pop-ups and chat functions on the internet.

The fraudster will try to convince you to give them access to your computer by downloading remote desktop software and providing them with other personal data such as passwords and authentication codes.

Scammers usually pose as someone from a well-known and reputable organisation, such as a bank, a telecommunications provider, a government agency or the police. They often play on their position of trust or may use fear and intimidation tactics to obtain your co-operation.

How to spot a Remote Access Scam?

There are many types of Remote Access Scams, but the methods are similar. Here’s how they work – stay alert to these red flags:

How to avoid becoming a scam victim

Scam Call Checklist

Hang up!

✓   Is the caller trying to create urgency about a so-called sum of money owed, a banking issue, a technical problem or a legal problem?

✓   Is the caller trying to get you to download software, to reveal your password or answers to your secret questions?

✓   Are they trying to get you to log into your bank accounts or to move your money?

Remember!

✓   A legitimate organisation will NEVER ask you to download software through an unsolicited call, email, or text.

✓   NEVER share your login details with anyone.


 

What to do if you think you have been scammed

If you think you have been scammed:

  • Please contact us as soon as possible on 133 462 and we can help you navigate the next steps. Please tell us as much as information as possible about what happened as this will help us help you.  
  • Delete any programs you have installed, including from the device itself. You will need to get the device professionally cleaned.

We strongly encourage you to report any scam incidents to Scamwatch.


Stay Updated

Stay informed about scams and how to avoid them at: