Chinese Student Caught in London for Massive Smishing Attack Using Rogue SMS Tower | July 2025
In July 2025, a Chinese student was sentenced in London for conducting a large-scale smishing campaign using an SMS blaster disguised in a black SUV. The attacker broadcast a rogue mobile signal across Greater London, tricking thousands of smartphones into connecting to his fake base station and injecting fake government and banking SMS messages. The texts led victims to credential-stealing phishing websites. The operation bypassed mobile carriers entirely, making detection extremely difficult. UK police and telecom providers collaborated to track and arrest the suspect. This case marks a turning point in mobile cybersecurity threats.
Table of Contents
- How the Scam Worked
- Why This Attack Was Hard to Spot
- Who Caught Him
- Lessons for Organisations and the Public
- The Bigger Picture
- Conclusion
- Frequently Asked Questions (FAQs)
A Chinese student, Ruichen Xiong, has been sentenced to more than a year in prison after admitting he operated a mobile “SMS blaster” that pushed thousands of fraudulent text messages to phones across Greater London. UK investigators say the case demonstrates how criminals are upgrading classic phishing tactics by turning cars into roaming, rogue phone masts.
How the Scam Worked
Xiong drove a black Honda CR‑V containing a suitcase‑sized SMS blaster.
The device created a fake cell tower that broadcast a stronger signal than nearby legitimate masts. Any smartphone within roughly one kilometre locked onto the rogue tower automatically (a behaviour baked into mobile standards). While victims’ devices were connected, the blaster injected bogus texts that looked as though they came from trusted senders such as “Gov.uk” or major banks. Each message carried a link to a phishing page that harvested logins, card data, or other personal details.
Why This Attack Was Hard to Spot
- Mobile carriers’ spam filters never saw the messages – they bypassed the operator network completely.
- The tower was on the move, making radio‑frequency sweeps difficult.
- The campaign lasted just five days in March 2025, limiting the forensic window.
Who Caught Him
The Dedicated Card and Payment Crime Unit (DCPCU) – a specialist task force funded by UK banks – worked with BT, Virgin Media O2, Vodafone, Three, and Sky to track irregular signal activity. Officers eventually traced the strongest rogue signal to Xiong’s parked SUV, seized the equipment, and matched it to the illegal texts reported by victims.
Technical Details in Plain English
- False base station – a portable transmitter that impersonates a real cell tower.
- Signal boosting – the device cranks transmission power so nearby phones pick it over legitimate masts.
- Message injection – once a phone is attached, the tower can drop SMS messages straight onto the device without carrier involvement.
- No SIM required – the blaster acts at the radio layer, not through a mobile subscription.
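The traits listed above (a legacy-network downgrade, an unfamiliar cell, an abnormally strong signal, then a link-bearing text) can be combined into a simple device-side detection heuristic. The sketch below is an added example, not code from the investigation or any vendor; the event format, cell IDs, thresholds and function names are all assumptions made for illustration.

```python
import re

# Constructed telemetry: (seconds, kind, fields). Cell IDs, senders and URLs are invented.
EVENTS = [
    (0,   "cell", {"rat": "LTE", "cell": "234-10-4101", "dbm": -97}),
    (40,  "sms",  {"sender": "Dentist", "body": "Reminder: appointment at 10:30 tomorrow"}),
    (300, "cell", {"rat": "GSM", "cell": "234-10-9999", "dbm": -51}),
    (312, "sms",  {"sender": "Gov.uk",
                   "body": "Tax refund pending, verify at http://refund.example/claim"}),
    (380, "cell", {"rat": "LTE", "cell": "234-10-4102", "dbm": -95}),
    (400, "sms",  {"sender": "Bank", "body": "Your statement is ready in the app"}),
]
KNOWN_CELLS = {"234-10-4101", "234-10-4102"}  # baseline of cells seen before (assumed)
LEGACY_RATS = {"GSM", "UMTS"}                 # 2G/3G radio access technologies
JUMP_DB = 25                                  # assumed threshold for "much stronger"
URL_RE = re.compile(r"https?://\S+", re.I)

def score_cell(cell, prev):
    """Return the rogue-tower indicators seen when the phone selects a new serving cell."""
    reasons = []
    if cell["rat"] in LEGACY_RATS and prev and prev["rat"] not in LEGACY_RATS:
        reasons.append("downgrade")       # dropped from 4G/5G to 2G/3G
    if cell["cell"] not in KNOWN_CELLS:
        reasons.append("unknown-cell")    # never observed in the baseline
    if prev and cell["dbm"] - prev["dbm"] >= JUMP_DB:
        reasons.append("signal-jump")     # far stronger than the previous mast
    return reasons

def suspicious_sms(events):
    """Return (time, sender, reasons) for link-bearing SMS received on a suspect cell."""
    alerts, serving, reasons = [], None, []
    for t, kind, fields in events:
        if kind == "cell":
            prev, serving = serving, fields
            reasons = score_cell(serving, prev)
        elif kind == "sms" and len(reasons) >= 2 and URL_RE.search(fields["body"]):
            alerts.append((t, fields["sender"], reasons))
    return alerts

if __name__ == "__main__":
    for alert in suspicious_sms(EVENTS):
        print(alert)
```

Requiring at least two indicators plus a URL keeps ordinary handovers and legitimate link-free texts from raising alerts.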
Lessons for Organisations and the Public
Multi‑layer verification
Do not trust urgent links delivered by SMS alone. Use official apps or bookmark genuine URLs.
Carrier‑level defenses
UK operators now share rogue‑tower telemetry in real time; similar partnerships are vital worldwide.
Device hardening
Modern phones that support 4G/5G network authentication (AKA “Cell‑ID verification”) should keep the feature enabled; it helps reject rogue 2G/3G towers.
Law‑enforcement coordination
This conviction shows banking groups, telecoms, and police can dismantle advanced fraud when data is shared quickly.
The Bigger Picture
Mobile‑based phishing (smishing) is outgrowing email scams because text messages feel personal and immediate. With off‑the‑shelf hardware, criminals can now skip telecom gateways entirely and target phones over the air. Cyber‑crime units expect more “drive‑by” base‑station attacks, especially near events where large crowds gather.
Conclusion
If a text claims to be from a government agency, bank, or delivery firm and asks you to click a link or confirm personal information, stop. Open your bank’s official app, call the organisation directly, or type the web address yourself.
Behind a simple SMS could be a moving, high‑power tower designed to steal your identity in seconds.
FAQs
What is a smishing attack?
Smishing is a type of phishing where attackers send fraudulent SMS messages to trick victims into revealing personal or financial information.
Who was Ruichen Xiong?
Ruichen Xiong is a Chinese student sentenced in London for launching a mass smishing campaign using rogue mobile base stations.
What technology was used in the attack?
Xiong used an SMS blaster that functioned as a fake mobile tower to inject SMS messages directly into smartphones.
How did the rogue phone mast work?
The fake mast broadcast a stronger signal than legitimate towers, causing nearby devices to automatically connect.
What kind of messages were sent?
Victims received fake texts appearing to be from trusted sources like “Gov.uk” urging them to verify information or click links.
What was the goal of the smishing campaign?
The goal was to harvest credentials, steal personal data, and potentially gain unauthorized access to accounts.
How many people were affected?
Tens of thousands of potential victims across Greater London were targeted between March 22–27, 2025.
What made the attack difficult to detect?
The moving nature of the vehicle-mounted fake tower and its ability to bypass mobile networks made detection challenging.
What is a rogue base station?
It’s a fake cell tower that impersonates legitimate mobile infrastructure to hijack connections and perform attacks.
What role did mobile providers play?
Providers like Vodafone, BT, and Three collaborated with law enforcement to trace and shut down the rogue signal.
What is the Dedicated Card and Payment Crime Unit (DCPCU)?
DCPCU is a UK police unit funded by the banking industry to fight financial and cybercrime.
Were any phishing websites involved?
Yes, the SMS messages included links to fake websites that mimicked government portals to steal sensitive info.
How did phones connect to the fake tower?
Mobile devices automatically connect to the strongest signal nearby, which the rogue tower exploited.
Did the attacker use any advanced coding?
Yes, messages were programmed and broadcast via custom scripts and phishing payloads crafted to look legitimate.
What is the penalty for such an attack?
Xiong received over a year in prison, highlighting the seriousness of mobile cybercrime.
Can this kind of attack happen elsewhere?
Yes, similar attacks can happen anywhere mobile networks exist, especially in densely populated cities.
How can I protect myself from smishing?
Avoid clicking on suspicious links, verify sources, and use official apps or websites for sensitive tasks.
What should I do if I receive a suspicious SMS?
Report it to your mobile provider, delete it, and never click on embedded links.
Can antivirus apps stop this?
Not always. Because messages are injected outside traditional channels, they may evade device-level detection.
What mobile standards are vulnerable?
Older mobile standards like 2G and 3G are more susceptible to false base station attacks.
Is this different from regular phishing?
Yes, smishing uses SMS and fake cellular signals, whereas phishing often occurs via email or websites.
Did the attacker require special hardware?
Yes, the attacker used a suitcase-sized SMS blaster with radio amplification capabilities.
How far can such rogue towers broadcast?
Up to 1 km in radius, depending on power and environment.
Can phone settings help prevent this?
Some newer phones offer options to restrict cell network access or prioritize encrypted networks.
Are government agencies doing enough?
Agencies are increasing monitoring and encouraging stronger telco partnerships, but evolving threats remain.
How do criminals get access to this tech?
Black markets and DIY kits are making such tools more accessible than before.
Is there a risk to financial apps?
Yes, the attacker could redirect victims to fake login pages mimicking banking apps or portals.
Should I turn off mobile data in public?
Disabling mobile data or Wi-Fi when not needed can reduce exposure, but won’t fully prevent rogue connections.
Can mobile carriers detect fake towers?
With improved telemetry and real-time signal tracing, detection is improving but still challenging.
Is this type of smishing new?
It’s a newer evolution of mobile fraud, combining physical signal manipulation with social engineering.
Will more attacks like this happen?
Experts expect more roaming smishing attacks as mobile threat actors adopt portable base station technology.