Week 36: New risk from "SMS blasters"

09.09.2025 - The NCSC is currently receiving a large number of reports about fake text messages purporting to be parking fines in western Switzerland. What stands out is that the people targeted by these phishing texts had in fact recently been in the places mentioned. This suggests that the scammers are using portable mobile phone stations – small devices that can be carried in a rucksack and which allow the scammers to intercept signals and send manipulated text messages. 

In recent weeks, we have received numerous reports of phishing attempts involving fake parking fines sent by text message to people in western Switzerland. Such scams are not new – we regularly receive reports of them. Victims typically receive emails or text messages from scammers posing as the police, claiming that they have an outstanding fine. The message contains a link to a fraudulent payment page that looks deceptively like an official government site. The wording is kept deliberately vague to ensure that it applies to as many people as possible. The scammers' aim is to steal credit card details or other personal data.

While these fake parking fines were mainly sent by email in recent weeks, they are currently being spread by text message.

The new reports also reveal a striking similarity: all of the recipients had been in the same geographical area in western Switzerland shortly before they received the scam text message. This suggests that scammers are using a method that allows them to target their text messages directly at people in a specific location. One person who reported a case provided another valuable clue: shortly before receiving the text message, their smartphone switched from the 4G network to the older 2G standard. Immediately afterwards, they received the scam text message, after which the phone switched back to 4G. All of this points to the scammers using what is called an SMS blaster.

With an SMS blaster, text messages (SMS) can be sent to many people at the same time. This mobile device is about the size of a computer tower and imitates a mobile phone mast. Cybercriminals hide these devices in the boot of their car, in a rucksack, or transport them by bicycle. The SMS blaster emits a strong signal that prompts all smartphones within a radius of 500 to 1,000 metres to connect to it.

The devious trick is that the device poses as the best available mobile phone mast. As soon as your smartphone connects to it, you automatically receive a scam text message – the scammers don't even need to know your phone number. Some SMS blasters also ensure that a phone can only connect to them once within a certain period of time, meaning the mobile phone will only receive the text message once. This allows the scammers to drive around the same area several times.

SMS blasters build on the technology of IMSI catchers. IMSI catchers are devices that can read the International Mobile Subscriber Identity (IMSI) stored on a mobile phone's SIM card and use it to narrow down the phone's location within range of a mobile phone mast. SMS blasters build on this technology and exploit a weakness in the outdated 2G mobile standard. This allows scammers to send text messages with forged sender information directly to user devices without the mobile network operator being aware. This bypasses the operator’s SMS filters, leaving only the filters installed on the device itself (if any).

Technically, these are 'fake mobile base stations' that connect to a mobile network and impersonate a legitimate mobile phone mast.

How the scam usually works:

1. The scammers' device emits a strong signal to prompt nearby phones to connect to it.
2. Your phone is then forced onto the outdated 2G network, which has known vulnerabilities.
3. The scammers can then exploit another weakness to send any text message with a spoofed sender ID directly to your device.
4. Because scammers can set any sender number they want, it’s not possible to verify or block it.
   

We are aware of the threat posed by SMS blasters, and we are collaborating closely with the cantonal police forces, telecommunications companies, the Federal Intelligence Service and the Federal Office of Communications to address this issue.

• Be suspicious of text messages asking you to make a payment, especially supposed parking fines.
• Do not click on any links in suspicious text messages.
• Never enter personal details or credit card information on unfamiliar websites.
• Always verify payment requests directly with the relevant authority.
  

Current statistics

Last week's reports by category:

Current figures