{"id":53810,"date":"2025-07-11T11:09:54","date_gmt":"2025-07-11T15:09:54","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=53810"},"modified":"2025-07-11T11:09:54","modified_gmt":"2025-07-11T15:09:54","slug":"what-are-sms-blasters-and-how-to-protect-yourself","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/what-are-sms-blasters-and-how-to-protect-yourself\/53810\/","title":{"rendered":"How to protect yourself from SMS blaster scams"},"content":{"rendered":"

Fake text messages pretending to be from banks, delivery services, or municipal agencies are scammers\u2019 tactic of choice to trick people into revealing financial information and passwords. This type of phishing is often referred to as \u201csmishing\u201d (from \u201cSMS phishing\u201d). While nearly every carrier filters dangerous text messages, and only a fraction reach recipients, scammers have come up with something new. Over the past year, criminals have been arrested in the UK<\/a>, Thailand<\/a>, and New Zealand<\/a> for sending messages that bypassed carrier networks and went directly to victims\u2019 phones. This technology is known as \u201cSMS blasting\u201d.<\/p>\n

What is an SMS blaster?<\/h2>\n

An SMS blaster pretends to be a cellular base station. About the size of an old computer tower, it bristles with antennas. Scammers often stash it in the trunk of a car or even in a backpack. Once activated, the blaster prompts all nearby phones to connect to it, as it appears to be the most powerful base station with the best signal. When a phone connects, it receives a fake SMS. Depending on the blaster model and reception conditions, the SMS broadcast range is between around 500 and 2000 meters. This is why criminals prefer to operate in crowded areas like shopping malls, or tourist and business centers: these are where all known attacks have been recorded. What\u2019s more, the tech the scammers use provides them with all sorts of tricks: they don\u2019t pay for the messages, they can spoof any sender, and they\u2019re free to include any links at all; they don\u2019t even need to know victims\u2019 phone numbers: any phone will receive a message if it connects to the fake cell tower.<\/p>\n

How an SMS blaster works<\/h2>\n

An SMS blaster exploits vulnerabilities in the 2G (GSM) communication standard. While 2G is primarily used today in remote, sparsely populated areas, all phones still support it. First, the blaster sends a technical signal over modern 4G\/5G networks. When any phone or smartphone receives this signal, it attempts to switch to a 2G network. Simultaneously, the blaster broadcasts fake 2G base-station signals. The victim\u2019s smartphone recognizes these as legitimate carrier signals and connects. Unlike the 3G, 4G, and 5G standards \u2013 where the smartphone and base station always perform a mutual cryptographic check during connection \u2013 this feature was only optional in 2G. This loophole allows an SMS blaster to mimic any carrier. Once connected, it can send any text message to a smartphone. After transmitting the SMS, the fake base station disconnects, and the smartphone reverts to its normal 4G\/5G network with its legitimate carrier.<\/p>\n

Perhaps surprisingly, this technology isn\u2019t new. Similar to blasters, devices known as IMSI catchers<\/a>, StingRays<\/a>, or cell site simulators, have been used by law enforcement and intelligence agencies to gather data on individuals attending events of interest. However, criminals have found a new use for the technology.<\/p>\n

Defending against SMS blasters<\/h2>\n

You can block fake text messages by disabling 2G network connectivity on your smartphone, but that\u2019s a double-edged sword. If you live in an area with poor signal or far from major cities, your phone might still occasionally use 2G. This is why many carriers haven\u2019t completely phased out the outdated technology.<\/p>\n

If you haven\u2019t seen the 2G icon (an \u201cE\u201d or \u201cG\u201d next to your signal-strength indicator) in years, you might want to consider this option. Android phones running version 12 or newer offer the ability to disable 2G<\/a>, but not every vendor makes this toggle visible and accessible. Android 16 introduced notifications<\/a> that alert you if your smartphone might be connected to a fake 2G tower, but due to hardware limitations these only work on certain newer smartphones.<\/p>\n

There\u2019s no similar option in iOS, but you can effectively disable 2G by activating Lockdown Mode. Unfortunately, this does far more than just turn off 2G; it significantly restricts many iPhone functions<\/a> in the name of maximum security (many would say it renders an iPhone practically unusable).<\/p>\n

To avoid sacrificing your phone\u2019s functionality while still protecting yourself from dangerous text messages, consider using a comprehensive smartphone security system<\/a>. SMS blasts will still be delivered to your phone, but they won\u2019t cause harm thanks to two layers of protection. The system identifies malicious messages regardless of the cellular network and blocks SMS spam (only on Android devices), while phishing protection prevents you from navigating to dangerous websites (on all smartphones).<\/p>\n

Beyond technical measures, vigilance and general precautions are crucial in combating fake text messages. Instead of tapping links, sign in to your banking app or delivery service website directly from your bookmarks, your smartphone\u2019s home screen, or by manually typing the address into your browser.<\/p>\n

What other tricks do scammers use to try and sneak into your smartphone?<\/p>\n