New Threat: Criminals Use Fake Cell Towers to Deliver Phishing Texts
Cybercriminals have discovered a way to bypass mobile operators’ filters and launch large-scale waves of fraudulent text messages. Whereas past attacks relied on databases of phone numbers and automated distribution through conventional networks, attackers are now deploying portable stations disguised as legitimate cell towers. These devices, known as SMS blasters, are installed in vehicles or even carried in backpacks. They compel nearby smartphones to connect to a counterfeit signal, enabling criminals to directly push phishing links to thousands of devices at once.
The use of such systems has been steadily rising for more than a year. Initial incidents were recorded in Southeast Asia before spreading to Europe and South America. Most recently, Switzerland’s National Cybersecurity Centre issued a warning about SMS blasters, noting that their range can extend up to one kilometer and their throughput can reach 100,000 messages per hour. Originally designed as IMSI-catchers—or “Stingrays”—for law enforcement surveillance, these tools have become instruments of deception in criminal hands.
The operation is deceptively simple: a phone connects to a fake 4G signal, is then forced down to the more vulnerable 2G standard, and within seconds receives a malicious message. The entire process takes less than ten seconds and remains invisible to the device owner. Because the messages bypass operator networks entirely, no filters or blocks are triggered. Criminals can spoof sender numbers and evade restrictions on SMS containing web links. Equipment is openly sold online for several thousand dollars, making it increasingly accessible to criminal groups.
Confirmed cases have emerged in Thailand, Vietnam, Japan, New Zealand, Qatar, Indonesia, Oman, Brazil, and beyond. In London, police seized seven such devices, while in June a Chinese student was sentenced to prison for their use. Telecom industry representatives stress that combating SMS blasters requires coordinated action between operators, regulators, and law enforcement, while end-users must remain vigilant and report suspicious texts.
Operators are attempting to strengthen defenses: in 2025, for example, Virgin Media O2 in the UK blocked more than 600 million fraudulent SMS messages, exceeding the totals of the previous two years combined. Yet the flood cannot be entirely stopped. Experts warn that the criminals’ ultimate objective remains unchanged—to lure victims into clicking a link and surrendering personal data. The delivery mechanism has evolved, but the deception is the same.
Security specialists advise disabling 2G support in smartphone settings, a safeguard already built into Android Advanced Protection and the Lockdown Mode on iPhones. In emergencies, devices can still fall back to 2G for calls, but under normal conditions, disabling the outdated standard significantly reduces the risk of being targeted in mass campaigns. For now, SMS blasters remain relatively rudimentary, but as criminals adopt more advanced iterations, the struggle is poised to become a prolonged game of cat and mouse.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
