Chinese Student Charged in Mass Smishing Campaign to Steal Victims’ Personal Information

Ruichen Xiong, a student from China, has been sentenced to over a year in prison at Inner London Crown Court for orchestrating a large-scale smishing (SMS phishing) campaign.

Xiong deployed a sophisticated SMS Blaster device from the boot of his Black Honda CR-V to target tens of thousands of potential victims across Greater London.

This illicit hardware, functioning as a rogue mobile base station, was designed to overpower legitimate network signals, tricking nearby devices into connecting to it.

Sophisticated SMS Blaster

Once connected, Xiong’s equipment bombarded victims’ phones with fraudulent text messages mimicking trusted entities such as government bodies.

According to the Report, these messages contained malicious links that directed users to fake websites engineered to harvest sensitive personal and financial information for use in fraud.

The arrest and subsequent conviction of Xiong were the result of a meticulous investigation by the Dedicated Card and Payment Crime Unit (DCPCU), a specialized police unit sponsored by the banking industry.

The DCPCU collaborated extensively with major mobile network operators, including BT, Virgin Media O2, Vodafone, Three, and Sky, alongside the National Cyber Security Centre (NCSC) and Ofcom.

This joint effort underscored the importance of cross-sector cooperation in combating the evolving tactics of cybercriminals.

Collaborative Investigation Leads to Conviction

Paul Curtis, Detective Chief Inspector at DCPCU, emphasized the sophistication of such criminal operations and urged consumers to remain vigilant against unsolicited texts requesting personal or financial data.

He advised immediate action by contacting one’s bank and reporting incidents to Action Fraud if a scam is suspected.

Adding to this, Murray Mackenzie from Virgin Media O2 highlighted their proactive measures, noting that over 168 million fraudulent texts have been blocked in the past two years, alongside flagging 50 million suspected scam calls monthly.

The technical expertise and intelligence-sharing among these entities were pivotal, as noted by Les Anderson of BT, who stressed their commitment to enhancing network security to stay ahead of such threats.

NCSC’s Ollie Whitehouse and an Ofcom spokesperson echoed the need for public awareness and a coordinated response to tackle smishing, which continues to pose significant distress and financial harm.

They encouraged reporting suspicious texts to 7726 a free service to help networks identify and block scams.

Beyond Xiong’s case, the DCPCU has made further strides, arresting seven additional individuals and seizing seven SMS Blasters, signaling a broader crackdown on this form of cyber fraud.

For consumers, the Take Five to Stop Fraud campaign offers actionable advice: pause and think before sharing information, question the legitimacy of unsolicited messages, avoid clicking on unknown links, seek a trusted opinion if unsure, and be wary of offers that seem too good to be true.

This case serves as a stark reminder of the persistent ingenuity of fraudsters and the critical need for vigilance in an increasingly connected world.

Exclusive Webinar Alert: Harnessing Intel® Processor Innovations for Advanced API Security – Register for Free