Regular readers of Commsrisk will not require an explanation of a website written in Mandarin that advertises “fake base stations” which can send 150,000 SMS messages per hour across a radius of 3km. Nor will they need an explanation of the following claims made on the same website.
We are a well-known fake base station supplier, the top choice for 4G fake base station purchases. We are a wholesaler and retailer of fake base stations. We offer the latest portable fake base stations with unique features: remote control, support for remote downloading of SMS content, configuration of displayed mobile phone numbers, and vehicle-mounted 4G fake base station equipment for free mass SMS sending over 2G, 3G, 4G, and 5G networks.
Criminals who purchase this equipment may be especially pleased to learn that:
Our fake base station mass SMS sending devices boast excellent performance and excellent after-sales service.
However, even the most diligent reader of Commsrisk may not appreciate the following. This article was originally written in December about a website at AAGSMS.com; we took screen grabs to capture the content of that site. However, between the original draft and date of publication this became an article about a website at SMSZZH.com. The site at AAGSMS.com was live for at least a month but recently went down, presumably because action was finally taken to remove it from the web. SMSZZH.com appeared on the web soon after, and is essentially a copy-and-paste of the same content except that the color scheme was changed from green to red, and there are many more junk pages at the new domain, presumably to fool institutions that search for harmful web content.
Regular readers will appreciate Commsrisk is not a multi-million dollar internet enterprise, nor one of those associations that claim to be a central hub for intelligence about criminal online activity. So why are we able to find the websites used to sell this kind of scam equipment? I suspect the explanation is simple: our AI-powered searches repeatedly look for content relating to SMS blasters when most others do not.
Consumer protection evidently has two tiers. Priority is given to protecting the consumer from scams that might also result in claims against big businesses. Protecting consumers from other scams is an afterthought. If a scam website could potentially result in liabilities for a business with deep pockets, such as a bank, then lots of effort will go into protecting that business by killing the website as soon as possible. But if no business will be a direct loser as a consequence of scam online activity, such as the sale of SMS blasters to criminals around the world, then even Commsrisk can find those scam websites sooner than the institutions that claim to be protecting the public. Google is especially unwilling to tackle adverts for SMS blasters despite, or perhaps because, it has added features to Android to make phones more resistant to fake base stations.
For new readers, SMS blasters are devices used by scammers to send SMS messages to mobile phones while bypassing phone networks entirely, thus negating any filters on unsafe messages that have been implemented by those networks. Like almost everything else, these SMS blasters, which are also known as fake base stations, are made in China. The Chinese authorities had a severe problem with SMS blasters being used to send spam adverts for legitimate businesses and scam messages on behalf of criminals until they instigated a severe crackdown on their sale and use almost a decade ago. This prompted both the manufacturers and the criminal gangs who represented the bulk of their clientele to turn their attention to other countries where the import and use of SMS blasters had not been prohibited, which was essentially the rest of the world because governments tend not to ban things they know nothing about.
Some naive souls still believe SMS blasters are a new phenomenon, despite their long history of use within China. They confuse an absence of evidence in their country with evidence of absence from their country. It is almost certainly the case that many countries have not gathered evidence of SMS blasters being used in their territory because nobody in authority has bothered to look for them. The SMS blaster map on our Global Fraud Dashboard paints a compelling picture of how far the use of SMS blasters has spread. Most of the cases on the map can be linked to China.
Ours is the most comprehensive map of SMS blaster usage worldwide because we run AI-powered multilingual searches to identify each new case that has been reported. However, the map necessarily understates the worldwide spread of SMS blasters because it only includes credible reports. Governments and telcos in some countries have wanted to keep the public ignorant of the discovery of SMS blasters; for example, their prevalence in Japan only became public because ordinary citizens tracked them down. So if the map tells us that fake base stations have been used to send SMS messages in at least 21 countries, how might we determine a potential upper limit for the number of countries where SMS blasters have been imported? It may not be completely reliable, but one way would involve reviewing the claims of a ‘well-known’ wholesale and retail vendor that keeps bouncing back when its website is taken down.
The supplier’s website has been designed to obtain higher search rankings by having separate pages for each country where the vendors hope to sell the SMS blasters. A methodical exploration of the website reveals the names of 68 distinct countries or regions where the vendors would like to sell their equipment. They are:
- Albania
- Algeria
- Austria
- Bahrain
- Bangladesh
- Belgium
- Bolivia
- Brazil
- Bulgaria
- Burundi
- Cambodia
- Chile
- Cuba
- Denmark
- Djibouti
- Estonia
- Ethiopia
- Finland
- France
- Gabon
- Gambia
- Germany
- Ghana
- Greece
- Guatemala
- Hong Kong
- India
- Indonesia
- Iran
- Ireland
- Jamaica
- Japan
- Kazakhstan
- Kenya
- Kuwait
- Kyrgyzstan
- Laos
- Liberia
- Macau
- Malaysia
- Mali
- Monaco
- Morocco
- Myanmar
- Nepal
- New Zealand
- Norway
- Pakistan
- Peru
- Philippines
- Qatar
- Russia
- Saudi Arabia
- Singapore
- South Korea
- Spain
- Suriname
- Tanzania
- Thailand
- Türkiye
- Turkmenistan
- United Arab Emirates
- United States
- Uruguay
- Uzbekistan
- Venezuela
- Vietnam
- Zambia
Cambodia, France, New Zealand and Qatar are just a few of the countries also identified on our global SMS blaster map. Oman, Serbia and Switzerland are flagged on the map but not included in this vendor’s list. Germany, India, Saudi Arabia and the USA are just some of the many countries in this vendor’s list where nobody has yet reported the use of SMS blasters.
How should the authorities in this latter group of countries respond to this news? Should they begin looking for evidence of SMS blasters being operated within their borders? Or should they just trust that criminals think their citizens are not worth stealing from? The first instinct of any government should be to question why scam equipment is being openly sold on the web.
