FraudSMART issues warning on SMS Scams

FraudSMART is advising consumers to be aware of an on-going cybercrime campaign in which fraudsters try to trick victims into installing malware on their phone.

What to Know
Android malware is being distributed using a text message based scam. Criminals send a SMSs from legitimate numbers and attempt to trick recipients (victims) into following a link and installing malware onto their phone.

What does the malware do?
If installed, this malware will allow criminals to access banking details, personal information, contacts and information stored on or accessible through the victim’s mobile device.

How does the scam work?
SMSs relating to this malware and scam are sent to both iPhones and Android phones, and typically claim to notify the recipient of a number of missed calls, MMSs, impending parcel delivery or new voice-mails.

As depicted in the images above, the messages usually include poor spelling, formatting and grammar, as well as a suspicious link. The link directs recipients to a web page featuring their own phone number, fake details of a non-existent voicemail or parcel for delivery, and another link to download and install a ‘new’ app.

What should you do if you receive such an SMS?

• Do not click on the link
• Do not reply or provide information
• Delete the message

If you are unsure of the legitimacy any SMS seeming to originate from a known brand or company, ignore it and contact that company or service directly using the contact details provided on their website.

If you think you have responded to a scam text message, contact your bank immediately.

FraudSMART strongly encourages the public to help protect against malware by ensuring all software is up to date. Android users in particular are advised to avail of the protection offered by Google Play Protect.

What can you do if you think you have been infected?
If you think your device has been infected, please contact your Mobile Network Operator for further instructions and advice.

If you think any of your bank account details or payment card details have been compromised, please contact your bank immediately using the number on the back of your debit / credit card.

You can find further information from the National Cyber Security Centre’s Flubot advisory.

• Never give away personal information, bank card payment details, bank account details or security details such as your PIN or online password to anyone.
• Banks will only ever ask you to reply to text messages with ‘Y’ or ‘N’. Never to click on links or give information.