A 19-year-old man was arrested in August after an “SMS Blaster” was discovered operating in New Zealand for the first time, sending thousands of alleged scam messages to unsuspecting victims.

The Department of Internal Affairs (DIA) was alerted to the scam in late July, when “irregularities” were found between information received through its public reporting system and its banking and mobile network early warning systems.

Soon after, the DIA and police — supported by other government organisations, the banking and mobile phone sectors, and the Australian Federal Police — launched an investigation dubbed Operation Orca.

On August 23, a search was carried out at a Central Auckland address, where a 19-year-old man was arrested and what police called a “smishing device” was found.

The device, also known as an “SMS Blaster”, is a fake cell tower that tricks nearby devices into connecting to a fraudulent network. It then sends fraudulent text messages claiming to be from banks to trick victims into sharing details like passwords and credit card information.

Police said the device found was believed to have sent “thousands” of scam text messages, including 700 in one night.

“The text claimed the recipient’s bank account was being checked for fraudulent funds and urged them to click a verification link,” Police National Organised Crime Group director Detective Superintendent Greg Williams said.

“This redirected the recipient to phishing sites, imitating official bank domains, where unsuspecting customers then entered their personal details, including customer ID and password.”

An example of what the SMS texts looked like.

He said almost 120 people were affected by the scheme, but no financial losses were reported.

The arrested man was charged with interfering with a computer system and will reappear in the Auckland District Court on Tuesday, December 10.

Williams said it was the first time one of these devices had been found in New Zealand.

“By working together, we have been able to counter this technology, locate the alleged offender and prevent what could have been large-scale financial losses for many New Zealanders,” he said.

“Cyber-enabled scams are becoming increasingly prevalent, with unscrupulous fraudsters stopping at nothing in their attempts to swindle innocent people out of their hard-earned money.”

ANZ NZ’s head of customer protection Alan Thomsen said banks would “never send our customers text messages asking them to click on a link to log into internet banking or provide their customer information”.

ASB executive general manager for technology and operations David Bullock reminded Kiwis to remain aware of scams.

“We remind New Zealanders to exercise caution, not click on links in text messages, or provide personal information, log-in details or transfer any money after receiving a cold call or text message,” he said.

“If you think your account has been compromised, call your bank as soon as possible on its publicly listed phone number.”

Share.