The Department of Internal Affairs

Te Tari Taiwhenua | Department of Internal Affairs

Building a safe, prosperous and respected nation


New versions of Flubot text message scam emerge

1 October 2021

Te Tari Taiwhenua Department of Internal Affairs (DIA) has identified new versions of the Flubot scam text message identified yesterday.

The new version of the message suggests that the sender has copies of a person’s photos or is attempting to share images. If the link is clicked, users will be directed to a fake security alert webpage which indicates that your phone is infected with the Flubot malware and you should install a security update to fix the device.

This is the same scam which has been warning people about missed deliveries and people should not install or download any applications. If installed, the app will use malware to steal personal information from your phone including banking details, passwords, and other sensitive information.

The app then accesses your contacts and sends their details to the perpetrators of the scam and send additional text messages from your device to other people's contacts, further spreading the scam.

If you receive a text from an unknown sender or a text with a suspicious hyper link, do not click any links included in the message. Simply report the text spam for free on your phone by forwarding the spam text message to 7726.

DIA are continuing to see high volumes of reports from the public about the large-scale ‘Flubot’ text message scam.

“In the past 48 hours we have received over 58,000 reports of the scam” said Joe Teo, Manager of the Digital Messaging and Systems Team. “Thank you to everyone who has reported the scam to us so far. Your reports provide vital information which help us to reduce the spread of the scam campaign”.

If you receive a pop-up message saying that forwarding the message “may incur a fee”, you will not be charged for forwarding the message to us. DIA will contact you with details on how to complete a report.

“If you have been a victim of this or any other scam, it can be extremely distressing. It’s important to remember that scams like this are a crime and by reporting it you can help us stop it from happening again – to you or other people”

“We encourage everyone to talk to both young and vulnerable people to ensure they’re aware of this scam” said Teo

If you have already downloaded the app, do not log into any accounts until you have taken the following steps:
  • Perform a factory reset on your device as soon as possible. When you start up your device after the reset, it may ask you if you want to restore from a backup. Do not restore from any backups created after you downloaded the app, as they will also be infected.
  • Change your passwords to any accounts or apps that you logged into after downloading the app.
For more information about preventing malicious software from infecting your device or advice on what to do if you have become a victim of a malware scam, contact CERT NZ at or call 0800 2378 69.

How to report a spam message

Email Spam: If the email has no attachments then you can complete a short online form on our website. If the email has attachments or may be malicious you can simply forward it us.
Text Spam: You can report text spam for free on your phone by forwarding the spam text message to 7726.

Help and Guidance

Department of Internal Affairs:
  • If you want more information about what to do if you receive spam please check out our factsheet.
  • For more information about how to avoid being exposed to spam and online scams you can visit our webpage here.
  • For more information about what to do if you’ve been victim of a scam check out our factsheet.
Netsafe: If you want more information about harassment and abuse under the Harmful Digital Communications Act and all types of scams you can visit
Consumer Protection: For more information about how to minimize the impact of spam and scams visit Consumer Protection on
CERT NZ: For more information about cyber-attacks and malware visit or call 0800 2378 69.