TCF Logo

Recent Alerts - Advisory

FluBot malware Infecting Android Phones 04.10.21

A malicious app is being spread through text messages on Android phones and is currently affecting New Zealanders. The text messages vary. What we have seen so far are regarding: parcel delivery pending or been missed, with a link to a delivery service website, or that photos are being uploaded, or voicemail link. 

If you have received the texts this does not mean your device has installed the malware.


Do not click on the link. If you do, it will ask you to install the application for the delivery service, which is actually a malicious app. The application attempts to steal your banking and credit card information as well your contact list, which it uploads to a server to continue spreading itself. Once a device has been infected with this malicious app it can result in significant financial loss.


What to do? Forward the txt to DIA’s anti-spam number 7726

Read the full advisory



Know how to better protect yourself and your family online

Being online is part of our daily lives as we work, bank, shop and stay connected with friends and family. Connectivity is making our lives easier, but there are risks. Protecting yourself online is simple, so don't wait until you become the victim of cyber crime.

Protect yourself from Scams

Scammers may contact you by email, text, or phone, posing as legitimate businesses. They often imitate businesses you trust and use regularly, such as your bank, internet or telecommunications provider.  This scam is sometimes called “phishing”. Whichever approach is used, the scammer’s goal is the same – to obtain your personal information and commit fraud against you.

Phishing emails often use the same branding, logos, and format of communication as one of your trusted providers. A phishing email might state there is a problem with your bank account, such as a security breach, and ask you to click on a link to provide your personal details, which can later be used to commit identity fraud, or steal money from your bank account. A common approach used by text scammers is sending out customer surveys that offer a prize for participating, in order to obtain your personal information to commit fraud at a later date.


Stop and think. Is this for real?

If you receive a suspicious call, email or text: Stop and think. Is this for real?

Never click on the links or attachments in emails and text messages that ask you to login or verify your password. They could easily be phishing messages sent by scammers. Instead, go to the legitimate website and log in from there.

A telecommunications company would never call a customer out of the blue and request remote access to their device/s. If this happens to you, it is a scam, and the best action you can take is to hang up.


Top Tips for staying safe online:

Improve your security with these tips:

Password protect all your devices. Use strong alpha-numeric passwords and include upper and lower case letters. It’s a good idea to use a password manager to create unique passphrases.

  • Change your passwords regularly and use different passwords for each online account
  • Use two-factor authentication (2FA) or multi-factor authentication (MFA) where possible (see below for further detail).
  • Set up a PIN for your voice mail.
  • Secure your computer and devices with firewalls, anti-virus software and up to date operating software.
  • Only use secure WiFi connections.
  • Protect your WiFi with a strong password and encryption settings.
  • Keep your devices and apps up to date.
  • Be aware of scams and don't click on unexpected attachments or links you don't recognise.
  • Limit the amount of identity information you post online.
  • Check your privacy settings for social media accounts.
  • Regularly back up your data.

Where to report scams

You should report phone and text scams directly to your telecommunications provider.

Online scams (and spam) can be reported to various Government organisations or individual telecommunication providers depending on the type of scam it is. Click here to download a one page guide  on where to report scams.

About 2FA and MFA

2FA or MFA (2 factor or multi-factor authentication) is when along with having to enter your password to access a secure website, you are also required to take a second step to confirm your identity.

Often this second step involves sending a code via SMS text message to your mobile phone for you to enter into the website. Many websites are now offering alternative means for this second step authentication, such as getting you to install a special authentication app on your phone.  Where possible, try to use the app method and avoid relying on an SMS text message or a phone call for this second step authentication.

More information

For more tips on protecting yourself online, check out the website of your telecommunications provider or visit:


Looking for something else?

Mobile phone security tips

Keep your mobile phone safe and secure with these tips.

Find out more

Last Modified On Monday, 4 October 2021