This package delivery text will steal your passwords — what you need to do

1. Home
2. News
3. Security

This package delivery text volition steal your passwords — what you need to do

(Image credit: Indypendenz/Shutterstock)

The British government's National Cyber Security Centre (NCSC) is warning about a phishing campaign targeting owners of Android phones that could steal "passwords and other sensitive information."

The attack starts with an SMS text bulletin informing you lot that y'all've got a bundle coming from DHL, with a link to rails the parcel. The link leads to a phony DHL website inviting you to download and install the DHL package-tracking app — simply the app is actually information-stealing malware called FluBot.

• How to stop apps from tracking yous in iOS 14.5
• The best Android antivirus apps for your non-iPhone phone
• Plus: Google Banana could say goodbye to 'Hey Google'

"While messages then far take claimed to exist from DHL, the scam could change to abuse other visitor brands," warned the NCSC in a recent blog post.

Hither's a tweet from Vodafone Uk showing what the scam SMS text may await like.

⚠️SCAM TEXT Alarm ⚠️If you receive a text message that looks like the one below:IGNORE: Do not click whatever links.REPORT: Report it by forwarding to 7726.DELETE: Remove the text from your phone. moving-picture show.twitter.com/ailKcmXYh4April 22, 2021

See more

And hither'due south how the phony DHL page may appear on your phone, courtesy of the NCSC.

(Prototype credit: National Cyber Security Centre )

By default, Android devices that apply Google Play can't install apps from whatever other source. However, users tin override this setting, and the phony DHL site shows you how.

Apple tree iPhones can't run this Android malware, of class, but the NCSC notes that "the scam text messages may still redirect them [iPhone users] to a scam website which may ... steal your personal information."

If you get a text message informing you of a package y'all're not expecting, "do non click the link in the bulletin, and do not install any apps if prompted," says the NCSC. The aforementioned applies to residents of other countries, of course.

Britain-based readers tin forrad suspicious messages to 7726, the national spam-reporting number.

If yous've already installed this malicious app, the NCSC recommends performing a factory reset of your Android phone — which will delete all your information, of class. If you lot have a fill-in of your phone (Google will take saved much of your information), and then make sure you don't reinstall a backup made after you lot installed the malicious FluBot app.

Using i of the all-time Android antivirus apps will get a long mode to forbid you lot from being hitting with this kind of scam malware.

Paul Wagenseil is a senior editor at Tom'due south Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, lawmaking monkey and video editor. He'due south been rooting around in the information-security infinite for more xv years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom'southward Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random Television news spots and even moderated a panel word at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/fake-package-phishing-ncsc-warning

Posted by: sandersduritat.blogspot.com

Share this post