KUALA LUMPUR — Since September 2024, all telcos have been required by the Malaysian Communications and Multimedia Commission (MCMC) to block messages containing URLs and any clickable links.

However, many Malaysians are still receiving scam SMS messages impersonating government agencies, banks and even courier companies. So the question is, how is this still possible if the telcos are already blocking such messages?

One of the key sources is Fake Base Transceiver Station (Fake BTS) which impersonates legit mobile towers of telcos. These Fake BTS are operated by syndicates and they are constantly on the move.

When you’re connected to one of these Fake BTS, your phone’s network connection tends to drop to E or G temporarily with no data connection. If you’re in a middle of a call, your voice conversation may get disconnected abruptly as your device switches to the Fake BTS.

These Fake BTS units spoof your network ID (e.g. CelcomDigi, Maxis, U Mobile) to trick your device into switching to them. Once connected momentarily, it will quickly push the fake SMS to your phone. It happens so quickly that most users don’t even realise it.

As shown above, these scammers were able to spoof the sender ID, tricking victims into thinking that it was sent from legitimate 5-digit short codes or sender ID such as 15454, MAXIS, GOV, etc. This is where scammers take the opportunity to phish for personal information from victims, including logins, passwords, and verification codes.

These fake messages are transmitted outside your telco’s real network, but to the user, they appear as genuine SMS in the inbox.

Because Fake BTS operate independently of legitimate mobile networks, scammers can still deliver messages with links that bypass the SMS filtering rules enforced by telcos.

Last month, the MCMC and Royal Malaysian Police (PDRM) have managed to take down a scam SMS syndicate under operation “Op Pancing”. As shown in the video, they arrested an individual operating an active Fake BTS inside his vehicle that’s parked around the busy KLCC area.

Based on MCMC’s frequency scan, they have confirmed that the equipment was used to blast out SMS promoting online gambling sites to users around the area. When they asked the individual, he revealed that the Fake BTS is capable of sending about 10,000 SMS daily.

Following the arrest, MCMC and PDRM have also raided a home in Kota Kemuning Shah Alam which stored various Fake BTS equipment and an MPV believed to be used for the operations.