Transcript: Episode 10 - SMS Blasters: The Text Scam That Doesn't Just Steal From You, It Can Get People Killed

I'm going to be honest with you today, I'm a little angry talking about this one. Not frustrated, not mildly concerned, I'm actually angry. Because what I'm about to describe isn't just another scam designed to steal your money or your identity.

It's something that can get people killed. And the people doing it are smart enough to know that. Let's talk about SMS blasters.

An SMS blaster is a portable device. In some cases, it's not much larger than a backpack. And it mimics a cell phone tower.

When it's turned on, it forces every mobile phone within its range to connect to it instead of the real network. And then it sends a mass text message to every single one of those phones simultaneously, disguised as any sender it wants to be. It could be your bank, your national postal service, your tax authority, your phone company, a hospital, an emergency alert system, anything.

In a busy urban area, a shopping mall, a hospital, subway station, or a transit terminal, one of these devices can blast a fake text to thousands of people in seconds. No individual targeting. No personal information needed.

Just proximity. And the texts look completely real. They have official logos, official language, real-sounding links.

They're designed by people who are genuinely, technically skilled at what they do. And I'll come back to that part, because it matters. Here's what I need you to understand about why this is different from a regular phishing text.

A regular phishing text is sent to you specifically. Your number was on a list somewhere. You were targeted.

You can be cautious, and you also can think it through. But an SMS blaster doesn't care who you are. It hits every single phone in its radius at the same moment.

The person standing next to you in the pharmacy. The woman at the table across from you in the coffee shop. Or the man waiting at the bus stop.

All of you. Simultaneously. Now picture the text that lands.

Not a bank fraud alert, because those are easy enough to question. Something more urgent. Something like this.

Urgent. Your building has reported a gas leak. Evacuate immediately via the east exit.

Click here for real-time safety updates. Or, alert. A security breach has been detected on your account.

Your funds are at risk? Verify your identity immediately to protect your balance. Or even this one, which sounds harmless until you think about it now. Your parcel requires immediate customs verification to avoid a return.

Click to confirm. That last one doesn't sound dangerous at all. Until you click the link and hand over your name, your address, your date of birth, and your credit card number to someone who is sitting in a van in the parking lot.

Now, the fake emergency version is worse. Because when thousands of people receive an urgent evacuation alert at the same moment in a crowded public space, people panic. People move fast.

People don't stop to check sources when they believe they're in danger. And that is not a character flaw. That is human instinct.

And the people running these operations are counting on it. A stampede. A panic.

People directed toward a dangerous location by a text that told them it was safe. These are not hypothetical risks. They are documented concerns raised by law enforcement and security researchers within the UK, Australia, Hong Kong, the United States, Canada, and across Europe.

This technology fits in a backpack. The potential for harm fits in nothing. Here's the part that makes me the most furious.

These are not unsophisticated people. You don't build or operate an SMS blaster without knowing what the hell you're doing. You need to understand radio frequency engineering, network protocols, software configuration.

This is not something you stumble into. Marcus Aurelius wrote, Waste no more time arguing about what a good man should be. Be one.

I think about that when I think about the people behind these devices. Because the intelligence required to design, build, and deploy something like this is genuinely impressive. That is the kind of mind that could be solving real problems in the world and helping people.

Building something that actually helps people, come on. Contributing something that lasts. Think about all of that with that intelligence.

But instead, they're using it to blast fake parcel delivery text at pensioners waiting for a bus. I genuinely don't have a word for how wasteful that is or how small. How completely beneath the capability it took to get there.

Here's where my frustration turns into something sharper. In most countries, prosecuting SMS blaster operators is a tangled mess. Depending on where you live, it might fall under telecommunications regulators, consumer protection agencies, local police, or national cybercrime units.

Each with different thresholds, different mandates, and different definitions of the offense. In practice, that fragmentation means someone caught with one, one of these devices, having blasted fake text to thousands of people, having potentially triggered public panic, having collected financial and personal data from hundreds of unsuspecting victims, may face charges that carry the same weight as a relatively minor fraud conviction. That is not proportionate to the harm, not even close.

This is not a property crime. This is not just a financial fraud. When a device is used to impersonate emergency services, government agencies, or financial institutions on a mass scale in public spaces, it is a public safety threat.

Endpoint. In most jurisdictions, the legal framework is still catching up, and the people running these operations, they know it. But two things here.

One, how to protect yourself, and two, how to push back, because both matter. First, treat unexpected urgency as a red flag. Every.

Single. Time. Any text that tells you you need to act immediately, click a link, verify your identity, or confirm personal information, pause.

Real emergency alerts do not ask you to click anything. They do not ask for your banking details or your government ID number. If a text is pushing you to move fast, that urgency is the scam.

Second, the link is the weapon. It doesn't matter what the text says. Parcel delivery, bank alert, emergency notice, account verification, or prize notifications for, oh my goodness.

The moment you click a link in an unsolicited text, you are in their environment now, on their terms. Don't go there. Navigate directly to the official website by typing the address yourself.

Third, verify before you act. If a text claims to be from your bank, your carrier, or a government agency, call the number on the back of your card or the official website. Not the number in the text.

Not the link in the text. Never those. Fourth, report this.

Every country has a National Fraud or Cybercrime Reporting Center. In Canada, it's the Canadian Anti-Fraud Center. In the U.S., it's reportfraud.ftc.gov. In the U.K., it's Action Fraud.

And in Australia, it's ScamWatch. Find yours. Use it.

Every report adds to the data that builds the case for proper legislation. Now, the next part, this next part, I feel strongly about it. So I'm going to ask you directly.

Contact your elected representative, your MP, your senator, your congressman, your member of parliament. Write an email. Make a phone call.

Tell them that SMS blasters used to impersonate emergency services, government agencies, banks, and legitimate businesses should carry serious federal consequences. Not get shuffled between regulatory departments as a gray area. Tell them the deliberate mass deployment of this technology against the public is a threat to public safety at a national level, and the law needs to reflect that.

Now, I know some of you are thinking, does that actually do anything? Yes, it does. Elected officials respond to organized, informed constituents who are clearly not going away. This is literally the mechanism by which laws get changed.

And you, someone who is informed, engage, part of a community that talks to each other, you are exactly the kind of constituent who makes that mechanism work. Now, your parliament or congress website will have a tool to find your representative by postal code or your zip code. Five minutes.

That's worth more than most things you'll do online this week. Now, SMS blasters, they're not coming. They're already here.

They've been seized in the UK, Australia, Hong Kong, the United States, Canada, and across Europe. And the gap between what they're capable of and what legal systems currently do about them is wide enough to drive a truck through. The people that are deploying them are counting on three things.

Your instinct to trust an official-looking message, your instinct to act fast under pressure, and a legal environment that doesn't take this seriously enough to truly deter them. Well, we can work on all three. Now, Epictetus said, he is a wise man who does not grieve for the things which he has not, but rejoices for those which he has.

What we have is awareness, information, a community that talks to each other, and the ability to make noise in the right direction. That's not nothing. In this fight, that's actually quite a lot.

Now, this is Tech 4 Grown-Ups. And if this one made you angry too, good. Channel that anger.

Report the text. Contact your representative. Share this with someone who needs to hear it.

And subscribe from wherever you're listening from. And I'll talk to you in the next one. Have a good day.