Ripple effect: Cybercriminals are increasingly using portable devices known as SMS blasters to flood phones with fraudulent text messages, marking a shift in how large-scale phishing scams are carried out. Instead of relying on lists of numbers and automated delivery systems routed through mobile networks, criminals have begun installing fake cell towers in cars or backpacks to beam scam texts directly to nearby phones. These devices, often disguised inside vehicles, impersonate cellular base stations and force surrounding phones into insecure connections.
The trend is a turning point, according to Cathal Mc Daid, VP of technology at telecommunications and cybersecurity firm Enea. "This is essentially the first time that we have seen large-scale use of mobile radio-transmitting devices by criminal groups," Mc Daid told Wired. He noted that while the underlying technology requires some technical expertise, the individuals deploying the blasters are often low-level operators paid simply to drive around with them.
First observed in Southeast Asia, the use of these devices has spread over the past year to Europe, South America, and beyond. Switzerland's National Cybersecurity Centre issued a formal warning in September, noting that some blasters can reach every phone within 1,000 meters. Reports from Bangkok describe a single unit transmitting 100,000 text messages an hour, with one million smishing messages sent over just three days.
Reports from Bangkok describe a single unit transmitting 100,000 text messages an hour, with one million smishing messages sent over just three days.
The devices function by exploiting how phones connect to networks. A blaster emits a 4G signal that convinces nearby devices to connect before forcing them to downgrade to the less secure 2G standard. Mc Daid said the process – capture on 4G, downgrade, send the malicious SMS, and release – can take fewer than 10 seconds, often without the phone owner noticing any interruption.
Because the blasters operate outside established carrier systems, messages delivered this way avoid telecom security filters designed to block phishing content.
"None of our security controls apply to the messages that phones receive from them," Anton Reynaldo Bonifacio, chief information security officer at Globe Telecom in the Philippines, said. Globe stopped delivering SMS containing URLs in 2022, but Bonifacio said scammers now use blasters to bypass those restrictions.
Researchers have found the hardware for sale online for thousands of dollars. In London, police have seized seven SMS blasters and secured several convictions, including a Chinese student sentenced to more than a year in prison after being caught operating one of the devices. Authorities in Thailand, Vietnam, Japan, New Zealand, Qatar, Indonesia, Oman, Brazil, and Hong Kong have reported similar incidents.
Telecom companies are expanding their defenses, but challenges remain. Virgin Media O2 reported blocking more than 600 million scam texts in 2025 alone – more than the combined total for the previous two years. Still, millions of fraudulent messages continue to reach consumers. "It might be a problem in one or two regions, but then we tend to see these things pop up in different regions," said Samantha Kight, head of industry security at GSMA, the mobile operator trade group.
Some phone makers have responded with security features that can reduce exposure. Android software engineer Yomna Nasser said users can disable 2G connectivity in phone settings to prevent forced downgrades, with exceptions only in emergencies when no other signals are available. Newer Android phones also apply this automatically in Advanced Protection mode. Apple has included a 2G disable option through its Lockdown Mode.
While the technology is novel, investigators emphasize that the underlying scam remains the same. "It's a new way of doing the same thing," said Ben Hurley, a detective sergeant with London's Dedicated Card and Payment Crime Unit. The fraudulent texts still aim to trick victims into clicking malicious links and providing personal information.
Experts say criminals are currently using relatively unsophisticated hardware but warn that more advanced models could emerge over time. But as tools once reserved for governments and militaries make their way into criminal hands, "this could be the beginning of a cat-and-mouse game," Mc Daid warns.
Criminals are driving fake cell towers through cities to blast out scam texts
