Rise in Large-Scale SMS Scams: Criminals Use Fake Cell Phone Towers to Bombard Phones with Fraudulent Messages
In a concerning development, cybercriminals have turned to a novel method for flooding phones with fraudulent text messages. Traditionally, when malicious actors send waves of phishing messages, such as toll or delivery scams, they utilize large lists of phone numbers and automate the process. However, as telecommunication companies and service providers have implemented more tools to detect and filter scam texts, criminals have resorted to using mobile devices that mimic cell phone towers, sending messages directly to nearby phones while the users are in proximity.
Over the past year, there has been a significant rise in the usage of so-called “SMS blasters” by scammers worldwide. Authorities in various countries have identified and apprehended individuals using these devices. SMS blasters are compact devices, often found in the backs of criminals’ vehicles or bags, that masquerade as cell phone towers and manipulate phones into using insecure connections. They then transmit scam messages containing links to fraudulent websites to the connected phones.
While not an entirely novel technology, the use of SMS blasters for scamming was initially detected in Southeast Asian countries and has since expanded to Europe and South America. Last week, Switzerland’s National Cybersecurity Centre issued a warning about SMS blasters, with some devices reportedly capable of sending hundreds of thousands of text messages per hour within a 1000-meter radius.
Cathal Mc Daid, VP of technology at telecommunication and cybersecurity firm Enea, who has been monitoring the use of SMS blasters, notes that “this marks the first time we have seen large-scale utilization of mobile radio-transmitting devices by criminal groups.” While some technical expertise would aid in operating these devices, non-experts can be hired to drive around areas with the devices in cars or vans.
SMS blasters function as illegitimate phone masts, often referred to as cell-site simulators (CSS). These blasters resemble IMSI catchers, or “Stingrays,” commonly used by law enforcement agencies for data collection. However, instead of being employed for surveillance, they emit false signals targeting specific devices.
Phones near a blaster can be compelled to connect to its illegitimate 4G signals before being induced to downgrade to the less secure 2G signal. “The 2G fake base station is then used to send malicious SMSes to the mobile phones initially captured by the 4G false base station,” Mc Daid explains. This entire process, from capturing the phone, downgrading the connection, sending scam texts, and releasing the phone, can take less than ten seconds, making it difficult for users to notice.
The rise of SMS blasters coincides with a surge in scams. In recent years, technology firms and mobile network operators have stepped up protections against fraudulent text messages, including improved filtering and detection systems and the blocking of tens of millions of messages per month. This month alone, UK telecom Virgin Media O2 reported having blocked over 600 million scam text messages in 2025—a figure that surpasses its combined totals for the previous two years. Despite these efforts, millions of scam messages continue to slip through the net, with cybercriminals constantly evolving their tactics to bypass detection systems.
