Canadian authorities have arrested three individuals for operating an SMS blaster device, a hardware-based attack vector that mimics a cellular tower to trick nearby mobile devices into connecting to it. Once connected, the rogue device sends phishing SMS messages appearing to originate from trusted entities, directing victims to fraudulent websites designed to steal credentials. While disabling 2G downgrades offers limited protection on Android, experts advise treating SMS as an insecure channel and recommend using end-to-end encrypted communication for sensitive information.
Phishing , Hardware Canadian authorities arrest 3 in SMS blaster phishing scheme April 28, 2026 Share By SC Staff (Adobe Stock) Canadian authorities have arrested three individuals for operating an SMS blaster device, a tool that mimics cellular towers to send phishing text messages to nearby phones. This marks the first time such a device has been detected in the country, as reported by Bleeping Computer. The SMS blaster operates by emitting signals that trick mobile devices into connecting to it, appearing as a stronger, legitimate cell tower. Once connected, the device can push fraudulent SMS messages that seem to originate from trusted entities like banks or government agencies. These messages often contain links to fake websites designed to steal personal information, including banking credentials and passwords. The investigation, dubbed "Project Lighthouse," began in November 2025 after suspicious activity was reported in downtown Toronto. Police believe the SMS blaster was operated from vehicles, enabling it to target large numbers of people across the Greater Toronto Area, resulting in an estimated 13 million instances of mobile network entrapment. Beyond phishing, devices connected to these rogue towers are temporarily disconnected from legitimate networks, potentially hindering access to emergency services. Searches on March 31 in Markham and Hamilton led to the seizure of multiple SMS blasters and other electronic devices, with two suspects arrested and a third surrendering later. While disabling 2G downgrades can offer some protection on Android, it is not effective against advanced setups targeting LTE/5G. Experts advise treating SMS as an insecure channel and avoiding links, recommending end-to-end encrypted channels for sensitive communications. Source: Bleeping Computer SC Staff Related Phishing Robinhood account creation flaw exploited for phishing emails SC Staff April 28, 2026 Attackers abused a flaw in Robinhood's onboarding process, allowing them to inject HTML into account confirmation emails. Threat Intelligence More covert ClickFix variant targeting Windows detailed SC Staff April 28, 2026 HackRead reports that Windows systems have been subjected to a novel ClickFix attack campaign that leverages fraudulent CAPTCHA pages in the lead up to illicit command execution. Government security Chinese spear-phishing campaign targets NASA employees SC Staff April 28, 2026 NASA had its employees and research collaborators reported by its Office of Inspector General to have been subjected to a Chinese spear-phishing campaign aimed at procuring the agency's sensitive data, The Hacker News reports. Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe You can skip this ad in 5 seconds