Key takeaways:
- Criminals are using backpack-sized rogue base stations to impersonate cell towers and blast smishing SMS, up to 100,000 texts/hour within ~1 km by forcing 2G fallback.
- These messages bypass carrier defenses (SMS firewalls, SS7/SMPP monitoring) because they never traverse the operator’s network.
- First seen in Southeast Asia, the tactic is spreading to Europe, South America, Japan, and New Zealand, with losses poised to surge at scale.
- Protect yourself: disable 2G (Android) / enable Lockdown Mode (iPhone), avoid unsolicited links, verify with the purported sender, and report to 7726 (SPAM), FTC (US), or Action Fraud (UK).
Scammers have found a new way to infiltrate our devices, causing a never-before-seen headache for law enforcers.
Criminals are now using portable base-station devices, which are so small they can be hidden in backpacks. What do they do? Impersonate cell towers and bombard your SMS inbox with scammy texts.
Known as “smashing,” this is an old scam technique with a new delivery method. Traditionally, criminals relied on large lists of numbers and network-based spoofing to send fraudulent messages.
Now, however, criminals can simply drive a vehicle and send these scam texts to anyone within a 1-kilometer radius.
Once the portable cell tower connects to a nearby mobile device, it automatically downgrades the device’s connection to 2G (known as 2G fallback), which has weaker security and authorization.
The SMS is sent directly to the device without passing through the network provider’s security checks, thereby escaping detection. Worse, all of this happens in less than 10 seconds, so you won’t even notice that your network has been downgraded to 2G.
This campaign was first seen in Southeast Asia, with countries like Thailand, Vietnam, Indonesia, and Hong Kong emerging as the major epicenters.
However, law enforcement agencies have also observed this delivery method spreading to Europe and South America over the past year, along with countries like Japan and New Zealand.
Inadequacies of Current Defence Mechanisms
Network carriers employ multiple defense layers to detect and block such spam messages. For example, an SMS firewall scans every text message entering or leaving a network and blocks texts based on the sender’s reputation, message content, etc.
Carriers also use volume-rate anomaly detection to flag bulk messages on their network and monitor signalling protocols such as SS7 and SMPP to detect irregular behaviour or routing anomalies.
For instance, Virgin Media blocked 600 spam SMS on its O2 network in 2025 so far (until August). This is already more than the combined volume of the last two years.
However, as Anton Reynold Bonifaco, Chief Information Security Officer at Globe Telecom, points out, none of these security controls work because the messages do not pass through the network in the first place.
They are delivered directly to the recipient’s device using a rogue base station, which compounds problems for both providers and law-enforcement, making system-level detection almost impossible as of now.
As per data from the FTC, users lost around $470M to text message scams in 2024, which is five times more than the amount lost in 2020. Most of these spam texts were fake delivery package notifications or bogus job opportunity messages.
This was when scammers stuck to old scam methods. Now, with an easier way to deliver millions of messages in a day, one can only imagine the magnitude of these losses in the current year.
The Potential of the Scam
Old methods required technical expertise, such as radio-engineering and system skills, to deliver smishing SMS. However, these portable devices are low-effort.
Scammers can pay a couple of hundred bucks to anyone to drive around with these devices, and within hours, they have all the phones in the neighbourhood buzzing with these texts.
While that already sounds scary, here’s something that’ll help you catch the seriousness of this. In Bangkok, a single portable cell tower was found delivering 100,000 texts in just an hour. Now, SMS click-through rates are usually between 8.9% to 14.5%.
Even if we calculate at a conservative rate of just 5%, that’s 500 people clicking on the malicious link, potentially losing thousands (again, conservative) of dollars. What’s even more terrifying is that this is just 1 hour of driving with just 1 cell tower around a random neighbourhood.
Extrapolate this to a thousand devices in hundreds of cities working 6 hours a day, and you have a major catastrophe at hand.
How Can You Protect Yourself
To protect yourself from these fake cell tower SMS attacks, you can first disable 2G on your Android device. Doing so prevents any 2G fallback and keeps you secure on your current 4G or 5G connection.
For iPhone users, enabling Lockdown Mode automatically disables 2G support.
Now, scammers sending you an SMS is just one side of the coin. You don’t become a victim simply because the message lands on your device but only if you act on it without caution.
When clicked, these messages usually contain malicious links, which can eventually overtake your device and steal sensitive information like your name, address, phone number, social security number, bank details, passwords, and social media credentials.
The key thing to understand is that all of this only happens when YOU act without thinking. Even if an SMS makes its way to your device (through any method), awareness and vigilance are your best defenses.
Most scam messages carry an undertone of urgency, urging you to act instantly. Take the popular ‘Hi Mum / Hi Dad’ scam for example. Parents receive a text from a scammer pretending to be their child, with a message that reads: “Hi Mom, I have lost my phone. This is my temporary number, please save it.”
The conversation usually ends with the scammer asking for money on the pretext that they (pretending to be the child) cannot access their bank accounts since the phone is lost. As per the ACCC, 11,100 victims have collectively lost $7.2M to this modus operandi so far.
A little bit of vigilance or patience could have helped thousands avoid monetary loss in this case. For instance, as a parent, you could have reached out to your child on their personal phone number or waited for them to get home to ask about the message.
Question Every Text Message
Here’s another pro tip: read the message carefully. Scam texts often contain grammatical and spelling errors, which can easily tell them apart from genuine texts. Although scammers now use AI to draft accurate messages, you can still look out for red flags such as unusual sentence structure or inconsistent tone.
If the message seems to be from a government source or your bank, avoid clicking the link and instead reach out to their customer support to verify if they actually sent the message.
Another thing you can do is inspect the URL before clicking on it. If you long-press or hover over the link with your mouse, you can see the complete address. Look for inconsistencies such as wrong domain names – for example, paypa1.com instead of paypal.com, or yourbank.net, instead of yourbank.com.
If you receive such spam texts, you can forward it to 7726 (SPAM), which sends the text and the metadata to your provider for further inspection. You can also report to the FTC at ReportFraud.ftc.gov.
If you’re in the UK, you can also reach out to authorities at actionfraud.police.uk or call 0300 123 2040.
As technology continues to evolve—from the return of ‘dumbphones’ to faster and sleeker computers—seasoned tech journalist, Cedric Solidon, continues to dedicate himself to writing stories that inform, empower, and connect with readers across all levels of digital literacy. With 20 years of professional writing experience, this University of the Philippines Journalism graduate has carved out a niche as a trusted voice in tech media. Read more
Whether he’s breaking down the latest advancements in cybersecurity or explaining how silicon-carbon batteries can extend your phone’s battery life, his writing remains rooted in clarity, curiosity, and utility. Long before he was writing for Techreport, HP, Citrix, SAP, Globe Telecom, CyberGhost VPN, and ExpressVPN, Cedric’s love for technology began at home courtesy of a Nintendo Family Computer and a stack of tech magazines. Growing up, his days were often filled with sessions of Contra, Bomberman, Red Alert 2, and the criminally underrated Crusader: No Regret.
But gaming wasn’t his only gateway to tech. He devoured every T3, PCMag, and PC Gamer issue he could get his hands on, often reading them cover to cover. It wasn’t long before he explored the early web in IRC chatrooms, online forums, and fledgling tech blogs, soaking in every byte of knowledge from the late ’90s and early 2000s internet boom. That fascination with tech didn’t just stick. It evolved into a full-blown calling. After graduating with a degree in Journalism, he began his writing career at the dawn of Web 2.0.
What started with small editorial roles and freelance gigs soon grew into a full-fledged career. He has since collaborated with global tech leaders, lending his voice to content that bridges technical expertise with everyday usability. He’s also written annual reports for Globe Telecom and consumer-friendly guides for VPN companies like CyberGhost and ExpressVPN, empowering readers to understand the importance of digital privacy.
His versatility spans not just tech journalism but also technical writing. He once worked with a local tech company developing web and mobile apps for logistics firms, crafting documentation and communication materials that brought together user-friendliness with deep technical understanding. That experience sharpened his ability to break down dense, often jargon-heavy material into content that speaks clearly to both developers and decision-makers. At the heart of his work lies a simple belief: technology should feel empowering, not intimidating.
Even if the likes of smartphones and AI are now commonplace, he understands that there’s still a knowledge gap, especially when it comes to hardware or the real-world benefits of new tools. His writing hopes to help close that gap. Cedric’s writing style reflects that mission. It’s friendly without being fluffy and informative without being overwhelming. Whether writing for seasoned IT professionals or casual readers curious about the latest gadgets, he focuses on how a piece of technology can improve our lives, boost our productivity, or make our work more efficient.
That human-first approach makes his content feel more like a conversation than a technical manual. As his writing career progresses, his passion for tech journalism remains as strong as ever. With the growing need for accessible, responsible tech communication, he sees his role not just as a journalist but as a guide who helps readers navigate a digital world that’s often as confusing as it is exciting. From reviewing the latest devices to unpacking global tech trends, Cedric isn’t just reporting on the future; he’s helping to write it. Read less
The Tech Report editorial policy is centered on providing helpful, accurate content that offers real value to our readers. We only work with experienced writers who have specific knowledge in the topics they cover, including latest developments in technology, online privacy, cryptocurrencies, software, and more. Our editorial policy ensures that each topic is researched and curated by our in-house editors. We maintain rigorous journalistic standards, and every article is 100% written by real authors.
