Recent research from the Royal United Services Institute (RUSI) has confirmed that cybercriminals are increasingly deploying portable transmitter-based SMS blasters across busy streets in London to carry out large-scale smishing attacks. These mobile devices, often hidden inside sedans or SUVs, allow attackers to broadcast fraudulent text messages to nearby smartphones without needing the victims’ phone numbers.
These compact transmitters are capable of sending out high-volume SMS blasts that impersonate legitimate organizations by using familiar branding, logos, and spoofed web links. The goal is to trick unsuspecting commuters into disclosing sensitive information such as banking credentials, personal data, or authentication codes—a tactic widely known as smishing (SMS phishing).
Once a victim interacts with the fake message or clicks a malicious link, criminals quickly collect the captured data and use it to conduct more targeted scams. A troubling element of this method is that the messages often appear as flash messages, which bypass traditional mobile network protocols and make them difficult for users to distinguish from standard notifications.
Smishing attempts typically come in various forms. Attackers commonly send messages claiming that a parcel is waiting for delivery, urging recipients to “update their address,” “pay a small customs fee,” or “verify account information.” In other cases, they exploit urgency—such as fake tax updates or account alerts—to coax users into sharing bank details, phone numbers, or one-time passcodes, even when multi-factor authentication is enabled.
These scams are especially effective near transit hubs, where large crowds and time pressure make commuters more vulnerable. People rushing to get to work or catch a train may be more inclined to respond quickly if a message appears to offer a simple on-the-spot resolution.
Meanwhile, the UK’s National Cyber Security Centre (NCSC) has issued a broader alert after several London borough councils reported service disruptions suspected to be linked to cyber threats. Councils including the Royal Borough of Kensington & Chelsea, Hackney Council, Westminster, and Hammersmith & Fulham have all experienced issues.
Hackney Council, in a press statement shared via the Local Democracy Reporting Service (LDRS), confirmed that its systems had been affected by downtime that may be the result of a cyber-attack. The council emphasized that its priority is the protection of resident data and ongoing efforts to investigate the incident.
Join our LinkedIn group Information Security Community!
