How a teenager used a spoof cell tower to steal personal information from thousands of people

  • A New Zealand teenager sent thousands of scam texts using a fake cellphone tower before he was caught.

  • The tactic is called "smishing." It uses a so-called SMS Blaster to trick cellphones.

  • The FBI and FTC have warned of rising smishing scams in the US.

Police in New Zealand say they thwarted a teen who was carrying out a wide-scale "smishing" scam to collect personal data from thousands of people's cellphones.

Most anyone who has taken a corporate cyber security training is familiar with the concept of phishing, a process where scammers contact victims, usually through email, to get the person to share personal information or passwords accidentally.

Smishing, on the other hand, is a form of phishing where criminals use an "SMS Blaster" to send out fake text messages claiming to be from banks, New Zealand police said in a statement. The device acts as a "false cell tower" that "tricks" nearby cellphones into connecting to the network, police say.

The New Zealand police said the teen boy, who has been charged in the smishing scheme, sent out "thousands of scam text messages," including about 700 in a single night using an SMS blaster, which authorities said they had never encountered in New Zealand before.

The messages claimed that the victim's bank account had a fraudulent transaction and urged them to click a link, police said. Around 120 people fell victim to the scheme, compromising their data, but there were no reported financial losses, according to police.

The Federal Trade Commission says that most "smishing" scams in the United States also involve people posing as banks.

"A typical smishing scam message may seem like it's from a bank — maybe your bank — and include a link or phone number to bait you into clicking or calling," the FTC says. "If you do, you stand a good chance of being hooked."

The FBI has issued several warnings about "smishing" scams. In 2022, the bureau warned that large-scale smishing campaigns delivered "hundreds, thousands, or even hundreds of thousands" of text messages in a matter of hours mimicking the IRS.

Read the original article on Business Insider