commsrisk.com - A joint press conference organized on Sunday by the Technology Crime Suppression Division of the Thai police and AIS, the country’s largest mobile operator, shared the results of another operation to locate and capture a fake base station being used to send fraudulent SMS messages. The operation culminated with the arrest of two young Thai men and the seizure of one SMS blaster from their car.
The operation was instigated by a member of the public who advised they had received a scam message. On August 8, the SMS blaster was pinpointed in a Mazda vehicle driving along New Petchburi Road, a major thoroughfare in Bangkok. The vehicle was followed and police arrested its two occupants, both in their early 20’s, when they stopped at a gas station in Bangkok’s Bang Phlat District.
The fake base station was used to send scam messages impersonating banks and comms providers. The messages claimed recipients had received a prize or had earned loyalty points that needed to be redeemed before they expired. These are familiar themes that have also been used for SMS blaster scams in other countries. Victims who clicked the link in the messages were directed to a phishing website. The criminals’ goal is to obtain the banking details of victims so their bank accounts can be plundered.
One of the arrested men told the police that they had been recruited via Telegram messages from a Chinese man who paid them THB2,500 (USD75) a day. Both men admitted the SMS blaster had been driven around on three separate occasions, the earliest of which was August 2 of this year. A spokesperson for AIS stated the device they were using had an effective range of 1-2km and was capable of sending over 20,000 SMS messages a day. Photographs of the arrest and the equipment are reproduced at the bottom of this article.
An industry insider revealed to Commsrisk that Thai telcos have been discouraged from sharing as much information about SMS blaster raids as previously. Public awareness of the risks posed by SMS blasters is higher in Thailand than many other countries because of well-publicized police busts and a concerted effort to warn phone users not to click on hyperlinks in suspicious SMS messages. However, there is now concern that revealing the details of anti-crime operations is helping the criminals to adapt their techniques to better avoid detection.
Cynical telcos that prioritize profits over public safety want splashy news stories about police raids and the arrest of low-level criminals because it creates the appearance that the war against networked crime can be won using these tactics. Responsible professionals understand that detecting the radio comms devices used to commit crime is only a palliative and not a genuine solution. If a radio device is already being used to send fraudulent messages then telcos and the authorities are choosing to react to crime instead of preventing it.
Thai law enforcement has wisely adopted a proactive strategy supported by the country’s telcos. This involved criminalizing the possession of SMS blasters and simboxes before using border controls to stop them being imported into Thailand. However, Thailand’s porous borders with Cambodia and Myanmar, which both serve as safe havens for scam compounds, makes it harder to prevent new scam equipment being smuggled into the country.
The resources that Thailand has devoted to detecting SMS blasters should not be underestimated. But it also shows that relying upon the speedy detection of radio comms equipment used by scammers will never be sufficient. AIS is working with police to find SMS blasters within just a few days of them being activated but gangs keep coming back with more.
Seizing equipment and imprisoning low-level goons does not discourage the criminal bosses that orchestrate these scams. They soon hire new foot soldiers to operate newly-despatched scam tech. Every success in locating radio equipment prompts the criminals to elaborate tactics that make them harder to find next time. Thailand’s experience demonstrates that every country will need to adopt a comprehensive approach to prohibiting and interrupting the supply of radio comms devices that have very few legitimate uses.
This case has been added to the SMS blaster map on our Global Fraud Dashboard. We use AI-powered search to maintain the most comprehensive and up-to-date compendium of reports of fake base stations being used to send SMS messages.
bangkokpost.com - A major private hospital in Thailand has been fined 1.2 million baht after paper patient records were found being used as snack bags, according to the country’s data protection watchdog.
The incident was among five major cases reported on Friday by the government’s Personal Data Protection Committee (PDPC), along with penalties imposed against entities for violating data laws.
The hospital, which was not named, came under scrutiny after paper files from its patient registry were found being used as pouches for crispy crepes, known locally as khanom Tokyo.
The committee’s investigation revealed that over 1,000 protected files had been misplaced after being sent for destruction.
The hospital said it had entrusted document disposal to a small business but failed to follow up. The business owner admitted fault, explaining the documents were leaked after being stored at their home.
The PDPC fined the hospital 1.21 million baht. The disposal business owner was fined 16,940 baht.
In another case, the committee revealed that a state agency leaked the personal information of over 200,000 citizens after a cyber-attack on its web application. The data was later posted for sale on the dark web.
An investigation found inadequate security measures, such as weak passwords and no risk assessment, as well as the absence of a data processing agreement with the web app developer.
A combined fine of 153,120 baht was imposed on both the agency and its private contractor.
The other three cases involved leaks from online retailers and distributors, with fines ranging from 500,000 to 7 million baht.
Since 2024, the PDPC has concluded six cases of personal data violations, totalling 21.5 million baht in fines.
Four alleged European hackers have been arrested in Phuket for deploying ransomware on the networks of 17 Swiss firms. The suspects are accused of causing significant damage and stealing $16 million in Bitcoins from 1,000 global victims.
Forensic analysis by CitizenLab says government is the likeliest perpetrator.
