More than 9,000 recipients of a fake text message pretending to be from Bpost fell into the trap and were caught by a phishing attempt.
The message, in either French or Dutch, reads “bpost, your parcel is on its way. Track it here” and then gives a website address.
However, rather than pointing to a package tracking site, clicking on the link automatically downloads a virus, known as FluBot, to the victim’s phone, which then takes over the operating system of the device, allowing the phishers access to personal information including passwords, bank information and contact details.
After publicity and warnings from organisations like Test Achats and Safeonweb, some 5,700 vigilant members of the public reported the phishing to Safeonweb’s email alert address.
“The bad news is that 9,000 less well-informed users still clicked on the link and proceeded to install a malicious virus,” said Miguel De Bruycker, director of the Centre for Cybersecurity Belgium.
FluBot has reportedly been in circulation in recent weeks in other European countries, but is only now finding its way to Belgium.
“FluBot is a well-known but dangerous virus that, among other things, steals data and uses the contact list of a mobile phone to spread itself,” explained Jack Hamande, a member of the board of the post and telecoms regulator BIPT.
“That is precisely why the number of victims in our country is increasing exponentially.”
The advice on how to deal with a phishing message is simple: ignore it. Bpost never sends information by text. In other cases, simply do not click on links in text messages.
If you do get caught, however, experts advise the following:
Immediately reset your device to the factory settings
Make sure you have a backup of your data before doing this£
Change your passwords
Notify your contacts, as an SMS message may have been sent to all of your phone contacts in your name