| Commsrisk
By
Eric Priezkalns
19 Jan 2026

The scourge of smishing messages sent by rogue base stations is spreading across Europe but national leaders ignore the underlying security threat.

Police have announced the first ever arrests of smishing SMS blaster scammers in Greece. Regular readers of Commsrisk will anticipate all the essential facts of the case: a false base station was carried in the back of a car; the car was driven through densely populated suburbs of Athens, a major metropolitan area; the phones of victims were downgraded to 2G to bypass the security protocols of subsequent generations; victims received SMS messages that impersonated banks and contained links to phishing websites. But perhaps the most important common factor was that the two driver-operators of the SMS blaster were Chinese.

The arrests in Greece relied upon dumb luck rather than technologies that identify and pinpoint fake base stations. An employee of a shopping mall in Spata, an eastern district of Athens, warned police that two Chinese customers had behaved suspiciously. The police stopped and questioned the Chinese, who presented forged identity documents. The police then proceeded to search their car, where they found an SMS blaster and associated equipment. Three actual cases of fraud have since been tied to messages sent by the SMS blaster. The victims in these cases respectively reside in Spata, in downtown Athens, and in Maroussi, a northern suburb of Athens.

Greek police released an image of the equipment they found; this has been reproduced at the bottom of the article. Regular readers will also recognize another element commonly seen in photographs of devices seized during SMS blaster busts worldwide: a DC-to-AC electricity converter in the distinctive orange case of Chinese manufacturer NFA. We have also collated images of NFA converters that powered SMS blasters in Hong Kong, Japan, Malaysia, the Philippines, Qatar, Serbia, Thailand, Türkiye and the United Kingdom. There is nothing illegal about making and selling devices that convert DC electricity to AC, but the use of the same Chinese manufacturer’s equipment by Chinese criminals arrested in such a wide spread of countries would suggest common supply chains are enabling the intercontinental spread of SMS blaster crime.

A lot is said about the need for collaboration to reduce fraud but the extent of voluntary collaboration can be gauged by:

the widespread, but often unacknowledged dependence on this website to monitor and analyze information about SMS blaster crime from around the world; and
the information provided here for free is not even quoted correctly by the authorities.
The Greek authorities advised their local press that Greece is the fifth European country to be attacked using an SMS blaster. Commsrisk’s open source intelligence is evidently having an impact because press reports of earlier busts usually featured ineptly random lists of a few places where SMS blasters had been found before. The SMS blaster map on our Global Fraud Dashboard shows that Greece is at least the sixth country in Europe to discover smishing messages from SMS blasters carried by car. The other five European countries are, in chronological order of when their cases were reported: France, Norway, the United Kingdom, Switzerland and Serbia. Fake base stations that transmitted SMS messages have also been identified in Türkiye although the Turkish authorities insist those devices were used for espionage instead of smishing fraud. Note also that a Chinese national based in Istanbul was involved in the supply of those fake base stations and that an NFA power converter was used in conjunction with one of them.

The new case from Athens has been added to our SMS blaster map. If you believe a useful purpose is served by the open source intelligence that is automatically harvested by our Global Fraud Dashboard then please consider donating to the crowdfunding campaign we will launch soon. The goal is to finance the development work for a massive expansion of the number of charts on the dashboard and the range of data sources that it monitors.

I draw one overriding conclusion from the general ignorance surrounding the spread of SMS blaster crime: national authorities are not gathering and exchanging intelligence that would help them anticipate the spread of international crimes involving communications tech. They do not formulate plans to protect the public until they have identified crimes occurring within their jurisdictions. If detection depends on dumb luck, as it has in many of the European cases, then a lot of crime can occur before the authorities will react. This is a dangerous approach when dealing with crimes involving electronic communications as they are easily spread to new countries. Insufficient importance is attached to systematically detecting these crimes even though a few countries have researched and implemented technologies to proactively identify SMS blasters. Nor are we thinking strategically about safety. A rogue base station can be used for smishing fraud, or for espionage, or to spread panic.

If I were Vladimir Putin, a former spook with a penchant for destabilizing other countries through black ops and disinformation, then I would be laughing at European governments that talk a lot about preparing for conflict but have not modified mobile networks to reveal how many fake base stations are being transported around the continent. The invasion of Ukraine has prompted a rapid evolution in the ways electronic communications are exploited for warfare. Manufacturers of military drones commonly advertise versions that carry IMSI-catchers, a kind of surveillance device that mimics base stations in much the same way that SMS blasters do. Meanwhile, Europe remains so blasé about SMS blasters that a Chinese national could rent a car in, say, Estonia or Bulgaria, then drive it the whole way to Portugal or Italy, blasting SMS messages along the entire route, without anyone trying to stop him. The method is currently being used for fraud but it could just as easily spread disinformation with the intention to cause mayhem ahead of an invasion.

My guess (and hope) is that 2026 will be the year when most European police and governments will finally stop pretending that SMS blasters are a ‘new’ problem that will simply go away if they ignore it. To put the current European situation into context, consider that the mushrooming of SMS blaster crime was witnessed a decade ago across a similarly-sized geographic region. Chinese legal reports show there had already been over 1,600 separate prosecutions involving fake base stations by 2016. The Chinese authorities responded by taking radical action to punish the manufacture and sale of SMS blasters as well as their use by criminals. It seems they care less about the export of SMS blasters now that the domestic threat has been quelled.

Instead of learning from China’s example, European authorities behave as if there is no need to proactively tackle the supply of SMS blasters. I doubt Europe has the same determination to fight crime as the authorities in China, even if it was capable of marshaling and coordinating resources in the way the Chinese Communist Party can. Fearing they might be overwhelmed by exports from China, various East Asian countries have banned the importation of SMS blasters and run sting operations to disrupt supply lines.

Meanwhile, false base stations can openly be bought through websites — on condition they are never used within China — and Western internet firms including Google do nothing about adverts that promote their sale. Those involved in European legislation and regulation dither over how to write a definition of SMS blasters that can be used to make them illegal without prohibiting legitimate radio telecoms equipment. Presumably these dunderheads will later do what they always do: wait for a crisis to occur then seek praise for reacting to it while pretending there was no way to anticipate it.

Look immediately below for the Greek police photograph of the equipment they seized, and keep scrolling for comparative photos of NFA converters used to power SMS blasters found in (clockwise from top left): Hong Kong; Malaysia; Thailand; Türkiye; the United Kingdom; Manila in the Philippines; Bulacan in the Philippines; Serbia; Qatar; and Japan.