Remember, if someone calls you claiming to be from O2, we would never ask for one-time passcodes, passwords and PINs, or personal information like your bank details. So, make sure you check who they are by asking where they're calling from. If you have any doubts, just give us a call on 0344 809 0202 to check. These could be nuisance calls, so see our advice on what to do about them.

About 'FluBot' malware

FluBot is a text message scam that is part of a large-scale smishing attack. Currently, it only affects Android devices and is downloaded under the guise of a message with a link to a tracking app or to retrieve a voicemail. The messages can appear to be from a delivery service like DHL, or other companies like Argos and Amazon.

If you click the link in the message, the malware may automatically download to your device. If the app is installed, the malware can take over your device, allowing more infected text messages to be sent to your contacts without your knowledge. The fraudster could also gain access to your messages and online banking details.

What should I do if I receive the message?

I’ve received the message but haven’t clicked on the link

You can just delete it. If you like, you can still report it by forwarding the message free of charge to 7726.

If you have an Apple device, it won’t be affected, and you can just delete the message.
 

I’ve received the message and clicked on the link, but haven’t downloaded the app

Your phone won’t be infected if you haven’t downloaded the app, so you can just delete the message. You can still report it by forwarding it to 7726, for free.
 

I’ve received the message, clicked on the link, and downloaded the app

Please be aware that your device, including any sensitive information stored on it, may have been accessed by fraudsters. If you think your device has been infected, please follow the steps below immediately to remove the malware.


I think my device is infected - what should I do?

Do a factory reset

The National Cyber Security Centre (NCSC) recommends doing a factory reset on your device. This will wipe the device and remove the malware. For help on how to carry out a factory reset, please visit the NCSC website.

Please note, you should NOT perform a backup to reinstall anything on your device after the factory reset, as that will also reinstall the malware. So, unfortunately, it’s likely that you will lose data like photos, contacts and downloads.


Activate Google Play Protect

Turn on Google Play Protect in the Play Store app and do a complete device scan. This action may also allow you to identify the FluBot app and delete the malware.

This step is only recommended if you haven’t been able to remove the malware by doing a factory reset.


Activate Safe Mode

Follow your device manufacturer’s guidelines to activate Safe Mode. This will place a temporary block on third party apps, stopping them from running. You may also be able to identify the FluBot app and uninstall it.

This step is only recommended if you haven’t been able to remove the malware by doing a factory reset.


More ways to protect yourself:

If you use an online banking app, you should contact your bank immediately. They will be able to assist you with securing your account.
Change any passwords stored on your device – in web browser, notes, or text messages.
Change any passwords that you may have entered while the FluBot app was installed.


Why is there a bar on my outgoing text messages?

While monitoring our network, if we’ve identified that your device may be infected by FluBot malware, we may bar your outgoing text messages in order to protect you, your contacts and our network.

To have this bar removed, please follow the advice above on how to remove the malware. Once you’ve done this, give us a call on 0344 809 0202.

If you tell us you’ve removed the malware, but this hasn’t been completed, the bar is likely to be reinstated.


Why are there extra charges on my monthly bill?

If there are charges on your bill due to FluBot malware, we’ll review it and, where applicable, we’ll credit these charges back to your account.
 

If you tell us you’ve removed the malware, but this hasn’t been completed and you continue to incur costs as a result, you may be liable for these charges.


More help sources

Visit our help pages to find out more about Viruses and malware and Scams and phishing

You can find detailed security advice at Get Safe Online, or read up on viruses at McAfee at home

If you're not sue about any techy terms, check out our jargon buster

Think a fraudster might have access to your O2 account? See our fraud advice, and report it to us straight away.


Was this information helpful? Yes | No

Thank you for sending your feedback.

Can't find what you're looking for?