Chinese nationals caught in Spata for hi-tech scam with special equipment in the trunk of a car

As emerged from the investigation, the defendants had installed special electronic equipment in a car through which they "misled" the victims' mobile phones.

The method they used is called "SMS Blaster Attack" and is essentially a method of attack where the perpetrators pretend to be a mobile phone antenna.

Through the equipment they had in the car (a computer system with a router and an antenna - a transmitter in the "sky") and, using specific software, they "confused" the users' mobile phones and made them connect to this "fake antenna" instead of the provider's regular one (Cosmote, Vodafone, Nova).

In this way, they managed to gain access and send misleading SMS messages to the victims' mobile phones, without appearing to come from a suspicious number.

In simple words, when users walked or drove near the perpetrators' car-antenna, their mobile phone was confused and connected to it, thinking it was the regular company.

Once the mobile phone was "caught" by this fake antenna, the fraudster could send a message (SMS) directly to the device which was not "caught" by the filters and looked completely real.

Usually these messages are intended to panic the user with phrases such as: “Your bank account has been locked, click here to unlock it” or “You have a pending package, pay 2 euros for shipping”.

If the user clicks on the link in the message, they are transferred to a page that looks like a bank page, but is fake, with the aim of stealing passwords or card details.

The attack is based on exploiting weaknesses in the 2G protocol, which, although outdated, is still supported by a large number of devices for compatibility reasons.

Once the target mobile phone was connected to the perpetrators’ “fake 2G antenna”, they gained access to the device’s identifiers (IMSI and IMEI), without requiring the authentication process.

Through the false database, they sent SMS with a fake sender ID, which falsely presented an official body or banking institution as the sender with phishing links and gained access to their banking data.

After sending the message, the device reconnected to the network, without any visible traces of the attack.

The two Chinese were arrested when an employee of a shopping center in Spata informed the Hellenic Police that these people had made suspicious transactions.

A case was filed against them for “Fraud and Illegal Access to Information Systems by complicity and in continuation, which were committed by two or more who had organized themselves with the aim of committing fraud by profession” and for forming a criminal organization.

How can one protect oneself

• ⁠Do not trust the sender's name: Even if the message says "GOV.gr" or the name of your bank, do not take it for granted.

• ⁠Never click on links: If you receive a message about a problem with an account, close the message and log into the bank's application yourself or call the official number.

• ⁠Turn off and on your mobile phone: If you suspect that something is wrong with your signal or receive strange messages en masse, a restart or temporarily activating "Airplane Mode" helps the mobile phone disconnect from the fake antenna.