Lamination. A text message arrives on a mobile phone. “Your order has been shipped,” an unknown sender reported. “Your parcel is coming. Follow it here, so you know where you are.” The message ends with a link to a website.
Fraud with fake parcel text messages is increasing at speed. Thousands of Dutch phones were infected with malware via this method in the past week, according to estimates by the Dutch Payments Association, based on information from telecom service providers, banks and cybersecurity companies. Police and the fraud help desk are also ringing the bell about malware criminals can use to gain control of phones. On the relief agency’s website alone, 2,600 fraudulent text message recipients were reported this month.
It comes to two types of malware, FluBot and Anatsa, which have been victims abroad for some time. A link in a text message that redirects people to a website. There they are required to download an app to view the status of the parcel. If the owners of the phone give permission to install, then the problem starts.
“With FluBot, fraudsters spread malware to other applications,” explains Berend Jan Beugel of the Dutch Payments Association. Think of mobile banking apps, DigiD apps, or cryptocurrency investing apps. The fake screen is like a real app like two drops of water, so you don’t realize that you are in a harmful environment. The scammers ’goal is to steal your access codes. When you type it, they can His objection. ”
Scripts are circulating to install parcel tracking apps. These apps are not from a delivery service, but from criminals who steal passwords and banking information via the app. Do you receive such a text message? Throw it away. You can find the official apps on the Play Store. pic.twitter.com/q8iKlz6MuO
– Netherlands Police (Politie) May 26, 2021
He says that Anatsa is more dangerous. This allows fraudsters to take over the entire device and gain access to someone’s microphone and camera, among other things. “Fortunately, there are still no indications of money being stolen in the Netherlands by these two types of malware.” In the UK and Spain, people have seen money disappear from their accounts after downloading the app.
Access to the address book
Telecom providers have warned owners of affected wallets in a different way. They see FluBot and Anatsa using the victim’s phone to find other prey. With malware, criminals can access someone’s address book, after which all of their contacts receive an SMS about a package they supposedly requested.
Embed a Tweet My mom’s phone might have installed Flubot. Already factory reset but keep texting outside. While I don’t see anything in the SMS app. Can you do anything please, the bill is also increasing on another phone. Help 🙁
– stefkor May 23, 2021
“Excess SMS traffic can lead to a huge phone bill for the device owner,” says Tanya Wijngaarde of the Fraud Helpdesk. Hijacking victims’ address lists is nothing new. But we are witnessing for the first time that it is happening on such a large scale. In this way, malware spreads very quickly. ”
Malware appears to only affect Android phone users. Owners of these devices can grant permission with one click of a button to disable security mechanisms that should prevent apps from being downloaded outside of the official Google Play Store. With iPhones, it is difficult to navigate the Apple App Store.
⚠️ Please note that text messages are traded to install parcel tracking apps. These apps are not from a delivery service, but from criminals who steal passwords and banking information. Do you receive such a text message? Remove it immediately. Download official applications only.
MinisterieEZK – Ministry of Economic Affairs and Climate May 26, 2021
Police, telecom service providers and the Ministry of Economic Affairs are warning people against the temptation of fraudulent text messages, and only install apps from carriers via the official Playstore. If you’ve entered it anyway, Wijngaarde from Fraud Help Desk recommends resetting the phone to factory settings. “You may have lost all the data on your phone, but it appears to be the most reliable way to get rid of these types of fraudsters.”
Internet fraud has exploded: 39.5 million were stolen from consumers
Cyber criminals snatched record amounts of money from consumers last year. Banks say they are upset with the current privacy legislation in their approach.
Again a lot of damage from phishing. Are banks doing enough?
Banks have launched another campaign to warn their customers about phishing. But is that enough? The damage from fake emails has risen sharply in the past year.