Phishing SMS from fake 2G cells, when cyberattacks bypass mobile operators

Cybersecurity continually faces new threats, but recent investigations show how criminals are adopting increasingly physical strategies to bypass digital defenses.

Not only hackers who operate remotely to breach corporate servers, but real mobile equipment designed to deceive the devices of unsuspecting citizens, completely bypassing security filters and the controls of telecom service providers.

A recent and high-profile case has brought to light the use of the so-called SMS blaster for phishing, devices capable of simulating telecom networks for fraudulent purposes.

They impersonate mobile network antennas for phishing — here’s what SMS blasters are

The dynamics behind these attacks rely on exploiting the intrinsic vulnerabilities of older 2G networks. These rogue devices operate masquerading as legitimate cellular towers and broadcasting a radio signal deliberately stronger than that of the surrounding real antennas.

Phones and tablets, programmed to latch onto the strongest available signal to guarantee line continuity, connect automatically to these fake stations.

Once contact is established, the fraudulent equipment is capable of flooding devices with thousands of text messages in a very short time.

These communications often contain links to deceptive websites, crafted to imitate the login pages of banks or well-known companies, with the precise aim of stealing credentials, usernames and passwords.

In addition to the damage related to theft of personal and financial data, the activation of such machines causes serious repercussions for the local infrastructure: legitimate communications are interrupted, causing dangerous interference even with emergency services and emergency numbers.

The Canadian operation and international precedents

Attention to this specific criminal technique intensified following a wide operation conducted by the police of Toronto, which led to the arrest of three individuals, who were charged with as many as 44 counts.

Authorities estimate that the system, active since November 2025, has affected tens of thousands of phones over several months. According to law enforcement reports, this is the first documented episode of this kind on Canadian soil.

The seized system was described by investigators as a singular assembly, positioned and operated from the rear of a vehicle.

This mobile configuration allowed the criminals to move around in different areas of the metropolis to maximize the number of potential victims, while at the same time making their location extremely difficult to pinpoint.

Despite media requests, the police chose not to release specific photographs of the machinery found in Toronto for obvious public safety reasons, while confirming that the operation mirrors that of similar tools seized in the past in Europe.

The North American episode is indeed echoed in other parts of the globe. As early as 2024, Thai law enforcement had dismantled a similar criminal operation in the city of Bangkok. In that case too, the scammers operated from the cargo area of a moving pickup truck, managing to spread the impressive figure of almost 1 million text messages in the span of just 3 days of operation.

The countermeasures available to users

Facing such direct intrusion methodologies, prevention plays a crucial role. Since the technique relies on the obsolescence and structural flaws of the 2G standard, the main line of defense for citizens is to prevent their devices from using this specific band.

Many modern smartphones offer settings to disable legacy-generation networks.

For those using the Apple or Google ecosystem, for example, the operating system provides specific options to disable the 2G antennas on devices, blocking from the outset the possibility that the device inadvertently connects to one of these fraudulent simulators.