Home – Technology – Fake cell towers hidden inside vehicles hijacked thousands of phones, and the warning is brutal: emergency calls can be disrupted too
A moving cybercrime operation in Toronto did something more unsettling than send spam texts. Police say mobile “SMS blasters” made nearby phones connect to fake cellular towers, then pushed out fraudulent messages that looked like they came from trusted companies.
Toronto Police said the first known Canadian case of its kind caused more than 13 million network disruptions and connected with tens of thousands of devices over several months. That made the case less like an annoying inbox problem and more like a public safety warning for anyone who relies on a phone to bank, commute, call family, or reach 911.
The devices worked by pretending to be real cell towers. When activated, they caused nearby phones to connect to the blaster instead of a legitimate mobile network, according to Toronto Police.
Once a phone connected, the user could receive a fraudulent text message. The message might look like it came from a bank, a toll service, a delivery company, or another familiar organization.
That is what makes this scam feel so ordinary at first. It lands in the same inbox as school alerts, bank notices, and reminders from the dentist, but the path it took to get there was anything but normal.
Smishing is not new. Criminals have long used text messages to trick people into clicking links that lead to fake websites built to steal passwords, banking details, or personal information.
What changed here was the delivery method. Rather than relying only on normal telecom channels, the alleged operation used a device that could reach phones nearby by impersonating a tower, making carrier-level filtering much harder to rely on.
Deputy Chief Rob Johnson put the concern plainly. “This wasn’t targeting a single individual or business,” he said. “It had the ability to reach thousands of devices at once.”
The financial risk is obvious. One bad click can drain an account, expose a password, or hand criminals enough information to keep the fraud going.
But Toronto Police warned that the danger did not stop there. Investigators said the network disruptions could temporarily prevent affected devices from connecting to legitimate cell towers, including access to emergency services such as 911 for periods ranging from seconds to several minutes.
That matters in the real world. A few minutes may not sound like much when you are reading an alert on a quiet morning, but in a crash, a medical emergency, or a violent incident, those minutes can feel very different.
Toronto Police said Project Lighthouse began in November 2025 after a cybersecurity partner alerted law enforcement to a suspected mobile SMS blaster operating in downtown Toronto. The device was later detected moving through several locations in the Greater Toronto Area.
On March 31, 2026, investigators executed search warrants at residences in Markham and Hamilton. Two men were arrested, and police said they seized a significant amount of electronic evidence, including several mobile SMS blasters.
A third man turned himself in on April 21, 2026. In total, three men were charged with 44 offenses, including fraud and mischief-related charges, though the charges remain allegations unless proven in court.
Toronto Police described the case as the first known use of this technology in Canada. Still, similar tactics have already appeared elsewhere, which suggests this is not just a local oddity.
In the United Kingdom, Ruichen Xiong was sentenced after using an SMS blaster in a vehicle to run a mass smishing campaign across Greater London in March 2025, according to U.K. Finance. The device acted like an illegitimate cell tower and drew mobile devices away from real networks by appearing to have a stronger signal.
The Philippines also reported arrests in February 2025 involving suspected use of IMSI catchers near military, police, government, and U.S. Embassy sites in Metro Manila. The Philippine News Agency reported that authorities described the equipment as capable of intercepting, manipulating, or disrupting mobile communications.
There is a frustrating part to this story. A careful user can still be pushed toward a fake tower because the first move happens at the signal level, not because someone clicked too soon.
Even so, the old habits still matter. Toronto Police advised people not to click links in unexpected texts, not to share login information through unsolicited messages, and to access banking through official apps or by typing the website directly into a browser.
For U.S. users, the Federal Trade Commission says suspicious texts can be forwarded to 7726, also known as SPAM, and fraud can be reported through the FTC’s reporting system. That will not stop every rogue device, but it helps carriers and authorities spot patterns faster.
This case shows how phone scams are moving closer to the infrastructure people rarely think about. We look at the text, the sender name, and the link, but most of us never question the tower our phone quietly chose in the background.
At the end of the day, the phone in your pocket is only as trustworthy as the network it is talking to. Toronto’s case is a reminder that cybercrime is no longer just hiding in inboxes. Sometimes, it is driving through traffic.
The official statement was published on Toronto Police Service.
Indux is Vozpópuli’s vertical focused on the real economy: industry, business, and applied technology. A space designed to closely follow what drives factories, infrastructure, and large productive sectors, with useful information for professionals, executives, and readers who want to understand where business is headed.
© www.vozpopuli.com • All rights reserved