Ask Onix
Police Uncover Lavish Spending by Fraudsters Behind Text Scams
A London evidence room packed with 8,500-10,000 designer shoes, handbags, and luxury goods exposes how financial fraudsters-particularly those behind smishing scams-squander stolen funds on high-end purchases, investigators revealed this week. The haul, seized during raids by the Dedicated Card and Payment Crime Unit (DCPCU), underscores the scale of profits from text-message fraud, where criminals impersonate banks to drain victims' accounts.
How 'Smishing' Drains Millions from UK Victims
The term smishing-a blend of "SMS" and "phishing"-describes fraudulent texts designed to trick recipients into surrendering passwords, PINs, or cash. Detectives highlighted a recent case where a single offender, 24-year-old Chinese student Ruichen Xiong, sent 15,000 scam messages in five days, netting an estimated £100,000 per month before his June conviction. Xiong, who pleaded guilty to fraud by representation, received a 58-week prison sentence.
Data from UK communications regulator Ofcom shows half of mobile users reported receiving suspicious texts between November 2024 and February 2025. Victims like Gideon Rabinowitz, a 64-year-old former IT manager from Newbury, lost £1,400 in hours after responding to a fake bank alert. "I felt violated," Rabinowitz said. "For days, I didn't know who to trust."
Tools of the Trade: SIM Farms and 'SMS Blasters'
Fraudsters deploy two key devices to flood networks with scam texts:
- SIM farms: Racks of SIM cards enabling mass messaging from multiple numbers.
- SMS Blasters: Portable gadgets that hijack nearby phones to transmit thousands of fraudulent texts in seconds.
The UK government announced plans to ban SIM farms by late 2026, criminalizing possession or supply without legitimate cause. A spokesperson called the measure "a critical step to safeguard consumers" alongside the Telecoms Charter, which mandates stricter SMS security protocols.
'Education Is the Strategic Answer'
Experts warn that policing smishing remains challenging due to its cross-border nature and low traceability. Ciaran Martin, former CEO of the National Cyber Security Centre, urged public vigilance: "Serious businesses never request money or sensitive data via text." He called for improved corporate verification systems to reduce reliance on reactive law enforcement.
"While police can dismantle major operations, we can't arrest our way out of this. The solution lies in teaching people to recognize red flags-and in businesses overhauling how they authenticate customers."
Ciaran Martin, cybersecurity expert
How to Protect Yourself
Authorities advise:
- Never click links in unsolicited texts, even if they appear to come from trusted sources.
- Forward suspicious messages to 7726 (spells "SPAM" on keypads) for network analysis.
- Report fraud to Action Fraud and your bank immediately if compromised.
Resources for victims are available via BBC ScamSafe and Action Line.
