The most important things to know about the new scam
The misleading SMS message notifies the recipient of the arrival of a parcel and offers a link to track it. The link opens a page disguised as the website of a shipping company and asks the user to download an app. Once the app is downloaded, it will start sending unwanted SMS messages to other handsets without the user knowing it.
Please note that the app is not automatically installed. The handset gets infected only if the user installs the app using the link in the SMS message.
What makes this sophisticated spam especially misleading is that far more people use home delivery during the pandemic, which makes the receipt of such messages fairly common. The unsuspecting customer receives a message from a phone number with a normal Hungarian prefix (not the prefix of an exotic country) and has no doubt about the credibility of the message. Moreover, the senders are usually existing Hungarian phone numbers, because the scam uses the numbers of people who had previously downloaded the app and became infected as victims of the scam themselves.
Damage caused by the SMS scam
The software behind the scam is FluBot, which not only forwards SMS messages but also gains full control of messaging services. It sends messages in the background and forwards the data of incoming SMS messages, including SMS messages from banks.
The links included in the SMS messages, as well as the location of the downloadable app, keep changing. The link received also depends on the mobile OS used. Android-based handsets get a link that opens a URL disguised as the website of a shipping service and prompts the user to download an app. Once the app is downloaded, it will forward SMS messages, steal the contact list and may even initiate a call in the background.
The SMS scam may also target handsets with iOS and other operating systems, but it won’t cause any damage to them. On such handsets, the message is disguised as a raffle with a text and prize varying by network. If the offered app is installed, it cannot be subsequently deleted, that is, it will remain on the handset and continue to run even after it is turned off.
How to recognize and respond to the scam?
Watch out for suspicious signs. Have a look at the text of the message first. The current scam uses characters without accents, for example.
Check the link, which is usually not the URL of a well-known, existing service provider or online store, but an unknown URL made up of letters and numbers.
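The two signs above (text written without accents, and a link to an unknown domain made up of letters and numbers) can be turned into a simple triage check for reported messages. This is an added example, not Telenor's code; the allowlisted domain and both sample messages are constructed, and a hit is a reason to look closer, not proof of fraud.

```python
import re
from urllib.parse import urlparse

# Assumption: constructed allowlist. Replace with the carriers you actually use.
KNOWN_DOMAINS = {"carrier.example"}
HUNGARIAN_ACCENTS = set("áéíóöőúüűÁÉÍÓÖŐÚÜŰ")
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def host_is_known(host):
    """True if host is an allowlisted domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in KNOWN_DOMAINS)

def mixes_letters_and_digits(host):
    """True if any label left of the TLD contains both letters and digits."""
    labels = host.lower().split(".")[:-1]
    return any(re.search(r"[a-z]", l) and re.search(r"\d", l) for l in labels)

def triage_sms(text):
    """Return the warning signs from the advisory that this message shows."""
    signs = []
    urls = URL_RE.findall(text)
    body = URL_RE.sub("", text)  # judge accents on the prose, not the link
    letters = [c for c in body if c.isalpha()]
    # Very short texts often have no accented letters by chance, so skip them.
    if len(letters) >= 20 and not any(c in HUNGARIAN_ACCENTS for c in letters):
        signs.append("no_accents")
    for url in urls:
        host = urlparse(url).hostname or ""
        if host_is_known(host):
            continue
        if "unknown_link_domain" not in signs:
            signs.append("unknown_link_domain")
        if mixes_letters_and_digits(host) and "letters_and_digits_host" not in signs:
            signs.append("letters_and_digits_host")
    return signs

# Constructed samples: one in the style the advisory describes, one benign.
SUSPECT = "Csomagja megerkezett, kovesse nyomon itt: http://a1b2c3.example/p/?x9k2"
BENIGN = "Csomagja megérkezett, kövesse nyomon: https://track.carrier.example/12345"

if __name__ == "__main__":
    for sms in (SUSPECT, BENIGN):
        print(triage_sms(sms), "<-", sms)
```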
Make sure to delete the message immediately and block the sender on your phone. Do not click on the link in the SMS message under any circumstances. If you’ve already done so, never download an app from an unknown source. The phone also warns you not to do it. You should always have reservations about an app requesting access to your contacts.
The scam described above is only one of countless scams. Telenor has collected the most common scams on the following page: https://www.telenor.hu/aktualis-visszaelesek-kezelese