Scammers are adopting a new tactic to push fraudulent text messages, and your phone may not be able to stop it. Instead of relying on stolen phone lists or bulk messaging services, cybercriminals are now using portable “SMS blasters” that impersonate cell towers and directly target devices in range.
How SMS Blasters Work
According to Wired, these devices are backpack-sized units that mimic legitimate towers. Phones nearby are tricked into connecting, first through fake 4G signals and then forced down to insecure 2G connections. Once downgraded, the blaster pushes malicious texts containing phishing links.
Cathal Mc Daid, a telecommunications and cybersecurity expert at Enea, explains the process takes less than ten seconds. The phones capture the fake signal, drop to 2G, receive the fraudulent SMS, and disconnect before the user notices. Some blasters can reach devices within 3,000 feet and deliver up to 100,000 texts per hour.
Authorities worldwide are starting to seize the equipment. Police in London have already confiscated several blasters, while law enforcement in Asia and South America has reported similar arrests. Switzerland’s National Cybersecurity Centre recently issued a public warning about the growing threat.
Why Now
Telecom providers have invested heavily in blocking scam texts. Virgin Media O2, for example, says it blocked more than 600 million fraudulent messages this year alone. But these new devices bypass such filters because the messages never pass through carrier networks. As Anton Reynaldo Bonifacio of Globe Telecom told Wired, “None of our security controls apply to the messages that phones receive from them.”
The spread of SMS blasters has been fastest in Asia-Pacific, according to the GSMA industry group, but cases are now appearing in Europe and South America. Arrest reports from Thailand, Vietnam, Japan, Brazil, and the UK point to a growing international problem. Researchers have also found the devices openly for sale online, sometimes marketed for thousands of dollars.
What You Can Do
Experts say you have limited defenses, but there are steps you can take. Yomna Nasser, a software engineer at Android, advises disabling 2G connectivity in your phone settings. On newer devices, Google’s Advanced Protection mode and Apple’s Lockdown Mode can also prevent 2G connections. Still, the safest practice remains the same: treat unexpected links with extreme caution.
Ben Hurley, a detective sergeant with the City of London Police, notes that the scam itself has not changed. The delivery method is new, but the goal is still to get you to click a fraudulent link and hand over personal information. “It’s a new way of doing the same thing,” Hurley told Wired.
Americans Struggle to Spot Scams
The timing is especially troubling given new research about phishing awareness. A NordVPN privacy study cited by CNET found that only 31% of Americans could correctly identify phishing websites. That’s among the lowest scores worldwide, far behind the UK, which led the rankings.
Marijus Briedis, NordVPN’s CTO, attributes the weak performance to “alert fatigue.” He says Americans are bombarded with so many scam attempts that they become desensitized to warning signs. While the U.S. ranked higher overall in cybersecurity awareness, its poor phishing detection leaves millions more vulnerable to tactics like SMS blasters.
SMS blasters represent a shift in cybercrime tactics. They exploit outdated network protocols, bypass carrier protections, and spread phishing links at scale. For now, law enforcement and telecom providers are racing to catch up. Until they do, the responsibility falls on you to scrutinize every text, avoid suspicious links, and secure your device against 2G connections.
