Sophisticated Smishing Scheme Utilizing Makeshift Cellphone Tower Uncovered in London

London authorities have recently uncovered a sophisticated smishing scheme involving the deployment of a makeshift cellphone tower to flood unsuspecting victims with malicious text messages. This novel approach to smishing, a form of cybercrime that utilizes SMS text messages to deceive and defraud individuals, marks a concerning escalation in digital fraud tactics.

The Incident

Officers have made two arrests in connection with an investigation into the use of a “text message blaster,” believed to have been used to send thousands of smishing messages, posing as banks and other official organizations, to members of the public. In what is thought to be the first of its kind in the UK, an illegitimate telephone mast is believed to have been used as an “SMS blaster” to send messages that bypass mobile phone networks’ systems in place to block suspicious text messages.

One arrest was made on 9 May in Manchester and on 23 May, a further arrest was made in London. Huayong Xu, 32, of Alton Road, Croydon, was charged on 23 May with possession of articles for use in fraud and was remanded in custody. He will appear at Inner London Crown Court on 26 June. The other arrested person was bailed.

Response and Collaboration

Detective Chief Inspector David Vint, leading the investigation from the Dedicated Card and Payment Crime Unit (DCPCU), emphasized the increasing sophistication of cybercriminals in their quest to defraud the public. He underscored the importance of collaborative efforts between law enforcement agencies and industry partners to combat evolving threats and safeguard individuals from falling victim to fraud schemes. Officers from the DCPCU worked with mobile network operators, Ofcom, and the National Cyber Security Centre (NCSC).

Recommendations for Protection

In response to this incident, authorities have urged the public to remain vigilant and take proactive measures to protect themselves against smishing attacks.

  1. Exercise Caution: Be wary of unsolicited text messages, especially those requesting personal or financial information. If a message seems suspicious or too good to be true, it likely is.
  2. Avoid Clicking Links: Refrain from clicking on links or downloading attachments from unknown or untrusted sources. These could lead to phishing websites or malware installation on your device.
  3. Verify Sender Authenticity: Verify the authenticity of the sender before responding to any text message, especially those claiming to be from banks, government agencies, or service providers. Use official contact information to reach out and confirm the legitimacy of the message.
  4. Report Suspected Smishing: Report any suspected smishing attempts to your mobile service provider by forwarding the message to 7726 (or “SPAM”). This helps carriers identify and block fraudulent numbers.
  5. Stay Informed: Stay informed about the latest smishing tactics and trends. Regularly update yourself on common scams and security best practices to better protect yourself and your personal information.

Smishing FAQs

Q: How to prevent smishing?
A: Preventing smishing involves staying vigilant and employing security best practices. Be cautious of unsolicited messages, avoid clicking on suspicious links, and verify the authenticity of senders before responding.

Q: How to respond to smishing?
A: If you receive a suspected smishing text, do not respond to it. Instead, report it to your mobile service provider by forwarding the message to 7726 (or “SPAM”). Additionally, consider reporting the scam to relevant authorities, such as the Federal Trade Commission (FTC).

Q: What is smishing versus vishing?
A: Smishing involves fraudulent text messages, while vishing involves fraudulent phone calls (voice phishing). Both tactics aim to deceive individuals into providing sensitive information, but they use different communication channels.

Q: What happens if I click on a smishing text?
A: Clicking on a smishing text can lead to various consequences, including phishing website redirection, malware installation on your device, or data theft. It’s crucial to avoid clicking on links in suspicious text messages to protect your personal information and device security.


By remaining vigilant and adopting proactive security measures, individuals can fortify themselves against the pervasive threat of smishing and mitigate the risk of falling victim to fraudulent schemes.

This incident serves as a stark reminder of the evolving tactics employed by cybercriminals and the critical importance of ongoing collaboration between law enforcement agencies, industry stakeholders, and the public in combating cyber threats and preserving digital security.

How Can Netizen Help?

Netizen ensures that security gets built-in and not bolted-on. Providing advanced solutions to protect critical IT infrastructure such as the popular “CISO-as-a-Service” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time. 

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is an ISO 27001:2013 (Information Security Management), ISO 9001:2015, and CMMI V 2.0 Level 3 certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 

Questions or concerns? Feel free to reach out to us any time –

Copyright © Netizen Corporation. All Rights Reserved.