Greek Police Arrest Scammers in Athens Using Fake Cell Tower for SMS Phishing Operation
Published
Key Takeaways
- Mobile Impersonation: Greek authorities have dismantled a criminal operation that used a fake mobile base station hidden in a car to send mass phishing messages.
- Technical Exploitation: The device forced nearby phones to connect and downgraded them to the less-secure 2G network, allowing the attackers to harvest user data.
- Phishing Objective: The attackers sent SMS messages impersonating banks and courier companies to lure victims into providing sensitive payment card details.
Greek police have arrested two foreigners involved in a sophisticated fake cell tower scam operating in the Athens metropolitan area. Authorities discovered a mobile computing system hidden in the trunk of a vehicle, which functioned as a rogue mobile base station, commonly known as an SMS blaster.
The device, connected to a disguised roof-mounted antenna, allowed the criminals to mimic legitimate telecommunications infrastructure and intercept mobile connections from unsuspecting citizens in the vicinity.
Analysis of the Attack Vector
The individuals, aged 29 and 31, were linked to an SMS phishing (smishing) operation that exploited known security weaknesses in mobile network protocols, and “a case was filed against them for forgery of certificates, fraud, and illegal access to information systems by complicity and intimidation,” said the Hellenic police in a translated announcement.
The fake base station forced nearby mobile devices to downgrade from 4G to the less secure 2G network (which is still supported by some carriers, even though outdated) via a known vulnerability. This allowed attackers, who some reports say are Chinese nationals, to access the device's identifiers (IMSI and IMEI) without authentication and to harvest identifying data, including phone numbers.
They used these numbers in a phishing campaign, sending SMS messages that impersonated banks or courier companies. These messages contained malicious links that tricked victims into entering sensitive financial information, such as payment card details, on fraudulent websites.
Implications for Cybersecurity in Greece
Authorities in Greece have linked the group to at least three confirmed fraud cases in Maroussi, Spata, and Athens, but the full scope of the operation remains under investigation.
Mobile users should remain vigilant against unsolicited messages requesting personal information and to question the authenticity of any link that prompts for login credentials or payment details. A recent case involved a fake PNB MetLife payment gateway for UPI fraud.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular