Security experts and police warn of growing cyber threat targeting phones via insecure networks
June 27, 2025 — Google has issued a strong warning to all smartphone users: turn off 2G connectivity on your phones to protect yourself from a new wave of cyberattacks exploiting outdated mobile networks.
The alert comes amid a spike in reports involving “SMS blasters”, malicious tools used by cybercriminals to send fake text messages directly to nearby phones—bypassing mobile carriers and their fraud filters entirely.
How the Scam Works
Instead of relying on a traditional phone number list, attackers use radio equipment to mimic real cellular towers. Phones in the vicinity automatically connect to these fake towers—especially if they still support 2G—and receive fraudulent messages. These can contain phishing links or requests for personal and financial information.
UK police, following the arrest of an SMS-based scammer this week, warned that “criminals aim to bypass fraud prevention systems by pushing messages directly to victims’ phones.” The technique allows them to target high-value areas and operate without needing user phone numbers.
Google confirmed it has detected this type of “SMS blaster fraud” in several countries and stressed the urgency of the threat. “This method bypasses all carrier-level protections,” the company stated. “And evidence shows these scams are growing through vulnerabilities in older cellular communication standards.”
Why 2G is the Weak Link
2G networks—once cutting-edge—are now considered dangerously insecure. Unlike newer technologies such as 4G, 5G, and even 3G, 2G lacks modern encryption and authentication protections. If your phone still connects to 2G, it can fall prey to fake cell towers with ease.
Google and Samsung are now updating Android devices to automatically block 2G networks, especially when Advanced Protection Mode (introduced with Android 16) is activated. Police and cybersecurity experts alike are urging all users to manually disable 2G in their settings, if available.
Tip: Go to your phone’s network or cellular settings and search for “2G.” If you see the option to disable it, turn it off.
Even in countries where 2G networks are no longer in service, devices with 2G still enabled can connect to spoofed towers, making this a device-level vulnerability, not just a network one.
iPhones at a Disadvantage—for Now
Unlike Android phones, iPhones do not currently offer a simple toggle to disable 2G. Apple users would need to activate Lockdown Mode—a broad, restrictive setting meant for high-risk users—to block these attacks. However, users can still filter texts from unknown senders and are strongly advised never to click suspicious links.
Scam Tactics Continue to Evolve
While SMS blasters are a dangerous new tool, the most common scams still involve impersonation of trusted brands. According to cybersecurity firm Trend Micro, last month’s top threats came from scammers pretending to be companies like PayPal, Netflix, Toyota, and Google.
“If something sounds too good to be true, it probably is,” Trend Micro cautioned.
How to Spot a Scam Message
Trend Micro outlined some red flags that can help you identify fraudulent texts:
- Unexpected contact: If a company doesn’t usually text you, verify directly through official channels.
- Poor spelling and grammar: Legitimate businesses take their communication seriously.
- Irrelevant messages: Didn’t order a package or enter a contest? Then it's probably a scam.
Google's Enhanced Protections for Pixel Phones
There’s a silver lining for Google Pixel users. The company is now integrating scam detection and call screening directly into the phone’s setup process, ensuring more users activate these features.
Until now, these protections had to be turned on manually, which many users never did. With this change, Google hopes to boost adoption of these critical tools.
What’s more, Google’s scam detection uses on-device AI—meaning no audio or data is sent to the cloud. Your privacy stays intact.
“No conversation audio or transcription is stored or sent to servers,” Google emphasized.
A Call for Stronger Defaults
Security experts say it’s time for drastic action. Features like scam detection and 2G blocking should be enabled by default, not buried in menus.
Check Point, another major security firm, recently reported that smishing attacks (SMS phishing) have reached record levels in the U.S., with coordinated impersonation of government agencies causing multi-state disruptions.