Switzerland is investigating a new form of cyber fraud using fake cellphone base stations. Unlike classic phishing emails launched from abroad, these attacks require criminals to be physically present in Switzerland, sometimes just a few meters from their victims.
So what is a fake base station? Imagine a counterfeit mobile antenna. Just like a hacker setting up a fake Wi-Fi hotspot in a café, a fake base station tricks your phone into connecting. Your smartphone, always looking for the strongest signal, can be forced to downgrade from secure 4G/5G to the weak 2G network. Once this happens, attackers can push scam SMS messages directly to you or even intercept the ones you were supposed to receive, such as your bank’s login codes.
The result is a scam that looks authentic and is almost impossible to distinguish from a real operator message. In Switzerland, attackers used this method to send fake parking fine SMS with malicious links. But the same technique could be applied to steal something far more valuable: multi-factor authentication (MFA) codes for online banking, crypto wallets, or enterprise systems.
Why Physical Presence in Switzerland Matters
Until now, most cyberattacks could be launched from anywhere in the world. Fake base stations change the game. To carry out the fraud, criminals must deploy their equipment locally, often in crowded areas, to force nearby phones to connect. This makes it harder for attackers to hide and also gives law enforcement in Switzerland a unique opportunity to track and stop them.
Telecom Operators Hold the Frontline
Mobile operators are Switzerland’s first line of defense. They can detect sudden anomalies such as mass downgrades from 4G/5G to 2G, or unusual bursts of SMS traffic. The challenge is whether these signs are identified and acted upon quickly enough to alert law enforcement and protect customers in real time.
How to Protect Your Smartphone
Smartphones can be configured to resist many of these attacks. Here’s how:
- On iOS (iPhone):
- Apple devices usually prefer 4G/5G but still fall back to 2G if coverage is weak.
- With iOS 16 or newer, go to Settings → Mobile Data → Mobile Data Options → Voice & Data and select 4G/5G only to block 2G fallback (if supported by your carrier).
- On Android:
- Steps vary by model, but usually under Settings → Network & Internet → Mobile Network → Preferred Network Type.
- Choose LTE/5G only. On Samsung and Google Pixel, you can also disable 2G entirely via Mobile Network → Allow 2G (toggle off).
Blocking 2G connections prevents attackers from forcing your device into a vulnerable state.
Protecting Against Malicious Links
Even if a fake SMS slips through, the next defense is against the malicious link it contains. To stay safe:
- Use ZENDATA Mobile Protection Services to block phishing attempts across your devices.
- Never click on links from unsolicited SMS messages, especially those demanding urgent payments.
- Always rely on official apps or websites for transactions and fines.
From Fake Fines to MFA Theft
While fake fines might only cost a few francs, the real danger lies in SMS interception. Criminals could capture your MFA codes and bypass strong security measures to access bank accounts, corporate systems, or personal data. The potential financial and reputational damage is far greater than a handful of fraudulent parking tickets.
