I make a call to you and leave you a voicemail. Depending on your model of phone and carrier, you retrieve the message by calling 101 or accessing your messages by the voicemail feature on your phone.

During a lockdown, I have to order some products online. I receive tracking to allow me to see where the parcel currently is on its journey to me.

Both of these are not uncommon scenarios. It is with that backdrop that I therefore feel compelled to use this column to make a Public Service Announcement (PSA). The sheer volume of enquiries I am receiving at the moment in relation to this issue is unprecedented.

Here goes.

When you receive a random text from an unfamiliar number with a variety of spelling errors asking you to click on a link to listen to a voicemail then…don’t!

Furthermore, when said link takes you to a site asking you to install an app to listen to your voicemail message then…don’t!

You have never had to click on a link and install an app to listen to your voicemail messages before. Don’t start now.

The Flubot malware that is currently infecting phones around the world relies on an aspect that has often gotten humans in to trouble.

In 1598, English playwright Ben Jonson wrote in ‘Every Man in His Humour’ the line “Helter skelter, hang sorrow, care’ll kill a Cat, up-tails all, and a Louse for the Hangman.”

Our modern version of this is that curiosity killed the cat.

We know that the text message we received is not a real voicemail. But it just might be, and I wonder who it is from. I haven’t ordered a parcel from freight company XYZ, but the notification of my tracking information just might be a surprise parcel for me. We can’t help ourselves.

The sixth most famous computer virus in the world relied on this curiosity. The worm wasn’t particularly sophisticated in design but it was brilliant in social engineering. In 2001, the eighth most famous person in the world was tennis star, Anna Kournikova. Kournikova never won a singles tennis title but had undoubted appeal to younger males across the world. Spreading a virus with the bait that it may be an image of Kournikova was enough to send mail servers in to meltdown in February 2001.

Six months after the Anna Kournikova virus had wreaked havoc, a survey found that fifteen per cent of people who received an e-mail with a promise of an image of Anna would still open the e-mail despite knowing that it may be a virus.

Back to Flubot. This malware specifically targets Android phones. Once infected, the contacts from your phone are used to continue to send the message on hoping that other people may see a familiar number and click on the link. This is clever from two angles. Someone is more likely to click on a link from a number they recognise and it also means that your phone plan is being used to send texts.

Ultimately Flubot is trying to steal your money. An infected phone has an invisible overlay that will send the creators constant information of every thing you type in to your phone – including any banking credentials.

Once infected, removal can be tricky. Either use an antivirus package or completely reset your phone. The malware will not allow you to simply uninstall. PSA finished.

If too much tech is not enough, my weekly podcast called ‘Tech Talk with Mathew Dickerson’ is currently the number one Australian produced technology podcast in the land. Have a listen.

Mathew Dickerson

Scroll to Top