My Credit Union


03 February 2021

We are aware of an increasing number of investment scams across industry. If it seems too good to be true – it probably is.

Be suspicious of anyone:

Do your own independent research on anyone you are dealing with to determine whether they are legitimate. Ask questions about who owns the entity, their financial services licence number and their address. Check the validity of any paperwork or documentation they issue and where it is sent from (e.g. their email address). If they can’t or won’t give you the answers, stop dealing with them.

Scammers offering fraudulent investments will often create false entities which appear in Google searches and appear legitimate, so closely examine and cross-reference all correspondence before arranging a financial transaction.

Before you make an investment decision, or arrange a significant financial transaction, we strongly recommend that you talk to someone you trust, or consult a financial advisor or accountant. Don’t be pressured to make a quick decision you could regret later.

If you think you may have been scammed call IMB immediately on 133 462.

Find out how to avoid these scams at:


Updated: 22 September 2021

The number and frequency of scams is increasing. The best way you can avoid being scammed is to be informed and know what to look for and how to protect yourself. To help you, we’ve provided further information on the many types of scams, how to spot them and how to avoid them at There is even more helpful information on the ACCC’s Scamwatch page at

This page details the latest type of scams as they arise, so you can stay up to date.

Missed delivery, call or voicemail (‘Flubot’) scam

The ‘Flubot’ scam is a type of ‘phishing’ scam that was first reported in early August 2021. To date, the ACCC has received over 12,000 reports of the scam from the general public and IMB wants its members to be aware of how this scam works. The scam uses text messages (SMS) to download malware onto your phone. The malware at present particularly affects Android phones, although iPhones are also being targeted.

How does the ‘Flubot’ scam work?

You receive a text message about voicemails, missed calls or, more recently, parcel deliveries from Australia Post, DHL or another reputable organisation. All messages will contain a link and instruct you to click the link or download an app to check a voicemail, track a parcel, schedule a delivery time etc.

IMPORTANT: If you click the link and download the app presented, the phone will be infected with malware.

Once installed, the application is able to read and send text messages, make calls and access contacts which are uploaded to a central server then targeted with similar Flubot scam texts.

The application page that the links send you to can look legitimate. Here is an example:

Further examples of what the SMS messages can look like and what to do if you think you have downloaded the scam are available at

How can the Flubot scam steal money?

Once the malware has been downloaded it has access to all typed passwords and data, which can ultimately lead to theft.

Plus, the scammers’ strategy and tactics are evolving quickly, so Flubot may change, and these phishing text messages may come from other reputable organisations or your bank, substituting home screens for web pages or apps with convincing fraudulent copies, as in the fake-DHL illustration above. There have been cases of this occurring overseas.

REMEMBER: Once cyber-criminals have your passwords, they can steal from your bank accounts.

CHECKLIST: Avoid the ‘Flubot’ scam

✓   Does the SMS look legitimate?

  • Voicemail scam Your voicemail is never an external link or app. Do not open the SMS or click the link. Delete it immediately.
  • Delivery or Tracking scam Do you have a parcel coming? If so, do not open the SMS and instead check via the supplier’s website where you made the order. Do not open the SMS or click the link. Delete it immediately.

✓   NEVER click on links in text messages (SMS)

  • Simply: do NOT click on links or download buttons.

✓   Remain vigilant with your interactions on your phone and computer


Remote Access Scams

Unlike hacking scenarios, which will usually occur without your direct involvement or prior knowledge, Remote Access Scams (also known as Technical Support Scams) involve a scammer contacting you directly to deceive you into giving them access to your device and personal data over the phone, through email or text or through pop-ups and chat functions on the internet.

The fraudster will try to convince you to give them access to your computer by downloading remote desktop software and providing them with other personal data such as passwords and authentication codes.

Scammers usually pose as someone from a well-known and reputable organisation, such as a bank, a telecommunications provider, a government agency or the police. They often play on their position of trust or may use fear and intimidation tactics to obtain your co-operation.

How to spot a Remote Access Scam?

There are many types of Remote Access Scams, but the methods are similar. Here’s how they work – stay alert to these red flags:

How to avoid becoming a scam victim

Scam Call Checklist

Hang up!

✓   Is the caller trying to create urgency about a so-called sum of money owed, a banking issue, a technical problem or a legal problem?

✓   Is the caller trying to get you to download software, to reveal your password or answers to your secret questions?

✓   Are they trying to get you to log into your bank accounts or to move your money?


✓   A legitimate organisation will NEVER ask you to download software through an unsolicited call, email, or text.

✓   NEVER share your login details with anyone.


What to do if you think you have been scammed

If you think you have been scammed:

  • Please contact us as soon as possible on 133 462 and we can help you navigate the next steps. Please tell us as much as information as possible about what happened as this will help us help you.  
  • Delete any programs you have installed, including from the device itself. You will need to get the device professionally cleaned.

We strongly encourage you to report any scam incidents to Scamwatch.

Stay Updated

Stay informed about scams and how to avoid them at: