PETALING JAYA: The recent foiling of a scam operation involving fake base transceiver station (BTS) devices has highlighted the urgent need for the public to be cautious of links received via SMS, even when messages appear to come from trusted numbers.
Cybersecurity specialist Fong Choong Fook said such devices are designed to impersonate legitimate telecommunications towers, causing nearby mobile phones to unknowingly connect to them.
“A BTS is essentially a base station that mimics the operation of a telecommunications company’s cell tower, but on a smaller scale. Think of it like a Wi-Fi hotspot,” he said.
Fong explained that just as a Wi-Fi router openly broadcasts signals for nearby devices to connect, a fake BTS emits a strong signal while pretending to belong to a legitimate telco.
“Due to weaknesses in mobile phone protocols, phones tend to connect automatically to the strongest signal available. That’s why scammers place fake BTS devices in crowded or popular areas to target large groups of people,” he said.
Once a phone connects to a fake BTS, scammers can send messages or SMS directly to the device, often launching phishing campaigns aimed at stealing personal or financial information.
“These scams usually come in the form of SMS messages containing a web link. The public should remember that banks and telcos have been instructed not to include clickable URLs in SMS messages.
“As a general rule, if an SMS contains a link, there is a high chance it was sent by scammers. Do not click on it,” Fong warned.
He added that common tactics include messages claiming a WhatsApp account will be suspended unless immediate action is taken, or fake alerts supposedly from banks or authorities, all designed to create a sense of urgency.
Fong noted that the use of fake BTS devices is not new and has existed for many years, initially being abused for location-based marketing where promotional messages were blasted to users in the vicinity.
“Today, cybercriminals are using the same technology for scams and fraud,” he said.
He added that fake BTS devices can be highly portable, with some small enough to fit into a car boot or be concealed in shop lots or on rooftops.
Fong said the recent operation by the Malaysian Communications and Multimedia Commission (MCMC) was part of ongoing enforcement efforts rather than a one-off case.
“MCMC continuously conducts BTS reconnaissance and scanning. Detecting and triangulating the location of a fake BTS is not easy. It requires coordination, technical capability and sustained effort,” he said.
Last week, the MCMC successfully shut down the transmission activities of a fake BTS in Genting Highlands, Pahang, following an integrated operation with a telecommunications company.
The commission detected two vehicles believed to have been used to carry out the illegal transmissions, which intercepted telecommunications networks and sent fraudulent SMS messages, indicating that the activity was carefully planned.
In a related development, fraud examiner specialist Raymon Ram said licensed financial institutions should enforce robust internal SMS policies, employ secure multi-factor authentication, work closely with telecom authorities and proactively raise consumer awareness to stay ahead of evolving SMS-based fraud.
While banks must secure their own SMS infrastructure, he said the root of the problem lies at the telecom and protocol level, where messages can be manipulated before reaching recipients.
Recently, customers of a bank received SMS notifications from an official code containing links that prompted recipients to tap on them, a tactic used to lure victims.
Although the messages were subsequently removed and the bank rectified the issue, Raymon cautioned that SMS should not be relied on for sensitive actions.
He noted that Bank Negara has already mandated the phasing out of SMS-based one-time passwords, advocating instead for more secure authentication methods such as mobile apps or hardware tokens.
“Banks must also implement fraud monitoring mechanisms that trigger rapid investigations when customers report suspicious messages. Cooperation with telcos and regulators, such as the MCMC, is essential,” he said.
