| Commsrisk
By
Eric Priezkalns
19 Jan 2026
The scourge of smishing messages sent by rogue base stations is spreading across Europe but national leaders ignore the underlying security threat.
Police have announced the first ever arrests of smishing SMS blaster scammers in Greece. Regular readers of Commsrisk will anticipate all the essential facts of the case: a false base station was carried in the back of a car; the car was driven through densely populated suburbs of Athens, a major metropolitan area; the phones of victims were downgraded to 2G to bypass the security protocols of subsequent generations; victims received SMS messages that impersonated banks and contained links to phishing websites. But perhaps the most important common factor was that the two driver-operators of the SMS blaster were Chinese.
The arrests in Greece relied upon dumb luck rather than technologies that identify and pinpoint fake base stations. An employee of a shopping mall in Spata, an eastern district of Athens, warned police that two Chinese customers had behaved suspiciously. The police stopped and questioned the Chinese, who presented forged identity documents. The police then proceeded to search their car, where they found an SMS blaster and associated equipment. Three actual cases of fraud have since been tied to messages sent by the SMS blaster. The victims in these cases respectively reside in Spata, in downtown Athens, and in Maroussi, a northern suburb of Athens.
Greek police released an image of the equipment they found; this has been reproduced at the bottom of the article. Regular readers will also recognize another element commonly seen in photographs of devices seized during SMS blaster busts worldwide: a DC-to-AC electricity converter in the distinctive orange case of Chinese manufacturer NFA. We have also collated images of NFA converters that powered SMS blasters in Hong Kong, Japan, Malaysia, the Philippines, Qatar, Serbia, Thailand, Türkiye and the United Kingdom. There is nothing illegal about making and selling devices that convert DC electricity to AC, but the use of the same Chinese manufacturer’s equipment by Chinese criminals arrested in such a wide spread of countries would suggest common supply chains are enabling the intercontinental spread of SMS blaster crime.
A lot is said about the need for collaboration to reduce fraud but the extent of voluntary collaboration can be gauged by:
the widespread, but often unacknowledged dependence on this website to monitor and analyze information about SMS blaster crime from around the world; and
the information provided here for free is not even quoted correctly by the authorities.
The Greek authorities advised their local press that Greece is the fifth European country to be attacked using an SMS blaster. Commsrisk’s open source intelligence is evidently having an impact because press reports of earlier busts usually featured ineptly random lists of a few places where SMS blasters had been found before. The SMS blaster map on our Global Fraud Dashboard shows that Greece is at least the sixth country in Europe to discover smishing messages from SMS blasters carried by car. The other five European countries are, in chronological order of when their cases were reported: France, Norway, the United Kingdom, Switzerland and Serbia. Fake base stations that transmitted SMS messages have also been identified in Türkiye although the Turkish authorities insist those devices were used for espionage instead of smishing fraud. Note also that a Chinese national based in Istanbul was involved in the supply of those fake base stations and that an NFA power converter was used in conjunction with one of them.
The new case from Athens has been added to our SMS blaster map. If you believe a useful purpose is served by the open source intelligence that is automatically harvested by our Global Fraud Dashboard then please consider donating to the crowdfunding campaign we will launch soon. The goal is to finance the development work for a massive expansion of the number of charts on the dashboard and the range of data sources that it monitors.
I draw one overriding conclusion from the general ignorance surrounding the spread of SMS blaster crime: national authorities are not gathering and exchanging intelligence that would help them anticipate the spread of international crimes involving communications tech. They do not formulate plans to protect the public until they have identified crimes occurring within their jurisdictions. If detection depends on dumb luck, as it has in many of the European cases, then a lot of crime can occur before the authorities will react. This is a dangerous approach when dealing with crimes involving electronic communications as they are easily spread to new countries. Insufficient importance is attached to systematically detecting these crimes even though a few countries have researched and implemented technologies to proactively identify SMS blasters. Nor are we thinking strategically about safety. A rogue base station can be used for smishing fraud, or for espionage, or to spread panic.
If I were Vladimir Putin, a former spook with a penchant for destabilizing other countries through black ops and disinformation, then I would be laughing at European governments that talk a lot about preparing for conflict but have not modified mobile networks to reveal how many fake base stations are being transported around the continent. The invasion of Ukraine has prompted a rapid evolution in the ways electronic communications are exploited for warfare. Manufacturers of military drones commonly advertise versions that carry IMSI-catchers, a kind of surveillance device that mimics base stations in much the same way that SMS blasters do. Meanwhile, Europe remains so blasé about SMS blasters that a Chinese national could rent a car in, say, Estonia or Bulgaria, then drive it the whole way to Portugal or Italy, blasting SMS messages along the entire route, without anyone trying to stop him. The method is currently being used for fraud but it could just as easily spread disinformation with the intention to cause mayhem ahead of an invasion.
My guess (and hope) is that 2026 will be the year when most European police and governments will finally stop pretending that SMS blasters are a ‘new’ problem that will simply go away if they ignore it. To put the current European situation into context, consider that the mushrooming of SMS blaster crime was witnessed a decade ago across a similarly-sized geographic region. Chinese legal reports show there had already been over 1,600 separate prosecutions involving fake base stations by 2016. The Chinese authorities responded by taking radical action to punish the manufacture and sale of SMS blasters as well as their use by criminals. It seems they care less about the export of SMS blasters now that the domestic threat has been quelled.
Instead of learning from China’s example, European authorities behave as if there is no need to proactively tackle the supply of SMS blasters. I doubt Europe has the same determination to fight crime as the authorities in China, even if it was capable of marshaling and coordinating resources in the way the Chinese Communist Party can. Fearing they might be overwhelmed by exports from China, various East Asian countries have banned the importation of SMS blasters and run sting operations to disrupt supply lines.
Meanwhile, false base stations can openly be bought through websites — on condition they are never used within China — and Western internet firms including Google do nothing about adverts that promote their sale. Those involved in European legislation and regulation dither over how to write a definition of SMS blasters that can be used to make them illegal without prohibiting legitimate radio telecoms equipment. Presumably these dunderheads will later do what they always do: wait for a crisis to occur then seek praise for reacting to it while pretending there was no way to anticipate it.
Look immediately below for the Greek police photograph of the equipment they seized, and keep scrolling for comparative photos of NFA converters used to power SMS blasters found in (clockwise from top left): Hong Kong; Malaysia; Thailand; Türkiye; the United Kingdom; Manila in the Philippines; Bulacan in the Philippines; Serbia; Qatar; and Japan.
| Commsrisk
By
Eric Priezkalns
15 Dec 2025
Serbia’s Ministry of Internal Affairs has issued a statement and photographs relating to the arrest of two Chinese nationals who sent smishing SMS messages from a fake base station. The messages included links to websites which impersonated reputable public and private sector organizations including mobile operators. The websites asked for the details of the payment cards belonging to victims. The information obtained from victims was then used to purchase goods and services abroad.
This appears to be the first reported case of its type in Serbia. Nothing was said about the location in Serbia where the men were caught but the police reportedly searched multiple apartments and business premises. The two arrested men, aged 33 and 34, were said to be working for an organized criminal gang that operates across ‘several’ European countries.
Regular readers of Commsrisk may also notice a telltale sign that these criminals are connected to SMS blasting smishers found elsewhere. Photographs of the equipment found in their car show they possessed a distinctive orange DC-AC power converter of a type also used in conjunction with SMS blasters seized in many other countries. Scroll down for the photographs of the equipment found in Serbia.
Commsrisk uses AI-powered search to maintain the most comprehensive global map of reported SMS blasters. This incident has been added to the map.
Photographs from the Serbian government of the seized equipment are reproduced below. A video of the two men being arrested is here. Look here for this news per the official Instagram account of the Serbian Ministry of Internal Affairs.
Trois hommes ont été interpellés pour avoir utilisé des SMS frauduleux afin d'escroquer des victimes.
Le Ministère public genevois annonce ce jeudi l’arrestation de trois personnes accusées d’arnaques aux fausses amende. Deux de ces individus ont 21 ans, le troisième 30 ans. L’un a été interpellé le 23 juillet, les deux autres plus récemment, les 5 et 7 septembre.
Deux ont été arrêtés dans des véhicules qui contenaient des «SMS-Blaster», le troisième individu est le propriétaire de l'un des véhicules.
Les «SMS-Blaster»? Ces appareils se substituent aux antennes des opérateurs téléphoniques pour récupérer des numéros de téléphone et envoyer des SMS contenant un lien vers des sites frauduleux.
Exemple donné par le Ministère public: «parkings-ge.com», qui imite le site officiel de la fondation genevoise des parkings.
Faux conseiller bancaire
«Les destinataires des SMS étaient invités à s'acquitter d'une fausse contravention et à fournir à cet effet leurs données personnelles et bancaires», est-il expliqué. «Dans un second temps, les victimes étaient contactées par un faux conseiller bancaire, lequel les incitait à lui transmettre les codes nécessaires pour procéder à des prélèvements sur leur compte bancaire».
Les trois individus arrêtés sont poursuivis pour escroquerie et utilisation abusive d'une installation de télécommunication.
Pour davantage d'information, la police genevoise avait récemment détaillé les arnaques à la fausse contravention ou fausse amende, avec les recommandations d'usage. Les principales étant de ne pas divulguer de données personnelles et de s’assurer de la légitimité de son interlocuteur pour toute sollicitation financière ou urgente.
justice.ge.ch 25/09/25 Communiqué de presse - Ministère public Genève
Entre le 23 juillet et le 7 septembre 2025, deux individus âgés de 21 ans et un autre âgé de 30 ans ont été arrêtés. Ils sont suspectés d'avoir participé à l'envoi de SMS incitant les destinataires à régler une fausse contravention.
A Genève, trois personnes ont été interpellées les 23 juillet, 5 et 7 septembre 2025, dont deux dans des véhicules qui contenaient des appareils appelés "SMS-Blaster", la troisième personne étant le propriétaire de l'un des véhicules.
Ils sont suspectés d'avoir utilisé ces appareils, lesquels se substituent aux antennes des opérateurs téléphoniques, afin de récupérer des numéros de téléphone pour envoyer des SMS contenant un lien vers des sites frauduleux tels que "parkings-ge.com", imitant le site officiel de la fondation des parking "amendes.ch". Les destinataires des SMS étaient invités à s'acquitter d'une fausse contravention et à fournir à cet effet leurs données personnelles et bancaires.
Dans un second temps, les victimes étaient contactées par un faux conseiller bancaire, lequel les incitait à lui transmettre les codes nécessaires pour procéder à des prélèvements sur leur compte bancaire
Pour ces faits, les prévenus sont poursuivis pour escroquerie (art. 146 CP) et utilisation abusive d'une installation de télécommunication (art. 179septies CP).
Les investigations sont menées par la brigade des cyber enquêtes sous la direction de la procureure Vanessa SCHWAB.
Les prévenus bénéficient de la présomption d'innocence.
www.wired.com
Scammers are now using “SMS blasters” to send out up to 100,000 texts per hour to phones that are tricked into thinking the devices are cell towers. Your wireless carrier is powerless to stop them.
Cybercriminals have a new way of sending millions of scam text messages to people. Typically when fraudsters send waves of phishing messages to phones—such as toll or delivery scams—they may use a huge list of phone numbers and automate the sending of messages. But as phone companies and telecom services have rolled out more tools to detect scams in texts, criminals have started driving around cities with fake cell phone towers that send messages directly to nearby phones.
Over the last year, there has been a marked uptick in the use of so-called “SMS blasters” by scammers, with cops in multiple countries detecting and arresting people using the equipment. SMS blasters are small devices, which have been found in the back of criminals’ cars and sometimes backpacks, that impersonate cell phone towers and force phones into using insecure connections. They then push the scam messages, which contain links to fraudulent websites, to the connected phones.
While not a new type of technology, the use of SMS blasters in scamming was originally detected in Southeast Asian countries and has increasingly spread to Europe and South America—just last week, Switzerland’s National Cybersecurity Centre issued a warning about SMS blasters. The devices are capable of sending huge volumes of scam texts indiscriminately. The Swiss agency said some blasters are able to send messages to all phones in a radius of 1,000 meters, while reports about an incident in Bangkok say a blaster was used to send around 100,000 SMS messages per hour.
“This is essentially the first time that we have seen large-scale use of mobile radio-transmitting devices by criminal groups,” says Cathal Mc Daid, VP of technology at telecommunication and cybersecurity firm Enea, who has been tracking the use of SMS blasters. “While some technical expertise would help in using these devices, those actually running the devices don’t need to be experts. This has been shown by reports of arrests of people who have been basically paid to drive around areas with SMS blasters in cars or vans.”
SMS blasters act as illegitimate phone masts, often known as cell-site simulators (CSS). The blasters are not dissimilar to so-called IMSI catchers, or “Stingrays,” which law enforcement officials have used to scoop up people’s phone data. But instead of being used for surveillance, they broadcast false signals to targeted devices.
Phones near a blaster can be forced to connect to its illegitimate 4G signals, before the blaster pushes devices to downgrade to the less secure 2G signal. “The 2G fake base station is then used to send (blast) malicious SMSes to the mobile phones initially captured by the 4G false base station,” Mc Daid says. “The whole process—4G capture, downgrade to 2G, sending of SMS and release—can take less than 10 seconds,” Mc Daid explains. It’s something people who receive the messages may not even notice.
The growth of SMS blasters comes at a time when scams are rampant. In recent years, technology firms and mobile network operators have increasingly rolled out greater protections against fraudulent text messages—from better filtering and detection of possible scam messages to blocking tens of millions of messages per month. This month, UK telecom Virgin Media O2 said it has blocked more than 600 million scam text messages during 2025, which is more than its combined totals for the last two years. Still, millions of scam messages get through, and cybercriminals are quick to try to evade detection systems.
...
commsrisk.com - A joint press conference organized on Sunday by the Technology Crime Suppression Division of the Thai police and AIS, the country’s largest mobile operator, shared the results of another operation to locate and capture a fake base station being used to send fraudulent SMS messages. The operation culminated with the arrest of two young Thai men and the seizure of one SMS blaster from their car.
The operation was instigated by a member of the public who advised they had received a scam message. On August 8, the SMS blaster was pinpointed in a Mazda vehicle driving along New Petchburi Road, a major thoroughfare in Bangkok. The vehicle was followed and police arrested its two occupants, both in their early 20’s, when they stopped at a gas station in Bangkok’s Bang Phlat District.
The fake base station was used to send scam messages impersonating banks and comms providers. The messages claimed recipients had received a prize or had earned loyalty points that needed to be redeemed before they expired. These are familiar themes that have also been used for SMS blaster scams in other countries. Victims who clicked the link in the messages were directed to a phishing website. The criminals’ goal is to obtain the banking details of victims so their bank accounts can be plundered.
One of the arrested men told the police that they had been recruited via Telegram messages from a Chinese man who paid them THB2,500 (USD75) a day. Both men admitted the SMS blaster had been driven around on three separate occasions, the earliest of which was August 2 of this year. A spokesperson for AIS stated the device they were using had an effective range of 1-2km and was capable of sending over 20,000 SMS messages a day. Photographs of the arrest and the equipment are reproduced at the bottom of this article.
An industry insider revealed to Commsrisk that Thai telcos have been discouraged from sharing as much information about SMS blaster raids as previously. Public awareness of the risks posed by SMS blasters is higher in Thailand than many other countries because of well-publicized police busts and a concerted effort to warn phone users not to click on hyperlinks in suspicious SMS messages. However, there is now concern that revealing the details of anti-crime operations is helping the criminals to adapt their techniques to better avoid detection.
Cynical telcos that prioritize profits over public safety want splashy news stories about police raids and the arrest of low-level criminals because it creates the appearance that the war against networked crime can be won using these tactics. Responsible professionals understand that detecting the radio comms devices used to commit crime is only a palliative and not a genuine solution. If a radio device is already being used to send fraudulent messages then telcos and the authorities are choosing to react to crime instead of preventing it.
Thai law enforcement has wisely adopted a proactive strategy supported by the country’s telcos. This involved criminalizing the possession of SMS blasters and simboxes before using border controls to stop them being imported into Thailand. However, Thailand’s porous borders with Cambodia and Myanmar, which both serve as safe havens for scam compounds, makes it harder to prevent new scam equipment being smuggled into the country.
The resources that Thailand has devoted to detecting SMS blasters should not be underestimated. But it also shows that relying upon the speedy detection of radio comms equipment used by scammers will never be sufficient. AIS is working with police to find SMS blasters within just a few days of them being activated but gangs keep coming back with more.
Seizing equipment and imprisoning low-level goons does not discourage the criminal bosses that orchestrate these scams. They soon hire new foot soldiers to operate newly-despatched scam tech. Every success in locating radio equipment prompts the criminals to elaborate tactics that make them harder to find next time. Thailand’s experience demonstrates that every country will need to adopt a comprehensive approach to prohibiting and interrupting the supply of radio comms devices that have very few legitimate uses.
This case has been added to the SMS blaster map on our Global Fraud Dashboard. We use AI-powered search to maintain the most comprehensive and up-to-date compendium of reports of fake base stations being used to send SMS messages.
A criminal has been sentenced at Inner London Crown Court to over a year in prison for operating a SMS Blaster to conduct a mass smishing campaign against victims with the intent to harvest their personal details to be used in fraud.
The sentencing follows an investigation and arrest by the Dedicated Card and Payment Crime Unit (DCPCU), a specialist banking industry sponsored police unit.
The conviction was achieved thanks to the officers from the DCPCU working with mobile network operators including BT, Virgin Media O2, VodafoneThree and Sky as well as the National Cyber Security Centre and Ofcom.
Between 22 and 27 March 2025 Ruichen Xiong, a student from China had installed an SMS Blaster in his vehicle to commit smishing fraud, targeting tens of thousands of potential victims.
Xiong drove around the Greater London area in a Black Honda CR-V. This vehicle was used to hold and transport an SMS Blaster around in the boot.
An SMS Blaster allows offenders to send fraudulent text messages to phones within the vicinity of the equipment and acts as an illegitimate phone mast to send messages. The blaster will draw mobile devices away from legitimate networks by appearing to have a stronger signal. By doing so, the criminal is then able to send a text message to the victim's phone.
The equipment was programmed to send out SMS messages to victims within a nearby radius of the blaster, designed to look like trustworthy messages from genuine organisations, such as government bodies, where the victim was encouraged to click a link. The link would subsequently take them to a malicious site that was designed to harvest their personal details.
