What if the text message you just got, sent from your bank’s official number, wasn’t actually from your bank?
Welcome to the world of Fake BTS scams, where cybercriminals hijack the very signals our phones rely on. This isn’t your everyday phishing attempt. It’s more high-tech, more convincing, and more alarming.
What is a Fake BTS Scam?
BTS stands for Base Transceiver Station, a technical term for what most of us simply call a cell tower. It’s the hardware that connects mobile phones to the rest of the network, transmitting voice, SMS, and data. Every time you make a call, send a message, or scroll through your social media feed, your phone is talking to a BTS nearby.
Normally, these BTS units are operated by licensed telecom companies like Telkomsel, Indosat, XL, or SK Telecom. But with the right (illegal) equipment, scammers can set up their own fake BTS (devices that mimic the real thing and trick nearby phones into connecting to them). Once that connection is made, they can send SMS messages that appear to come from trusted sources.
This scam has started to gain traction lately. Victims receive messages that look completely legitimate, usually involving reward points, bank alerts, or limited-time offers. They click a link, thinking it’s safe and unknowingly hand over sensitive personal and financial information.
This article will help you understand what’s really happening behind the scenes such as how this type of scam works, how scammers exploit it, and how to spot the signs before it’s too late.
How Does a Fake BTS Work?
As aforementioned, fake BTS is a rogue device built to mimic real mobile network towers. Unlike legit towers, these fake BTS devices work outside the official networks. They impersonate the network, fool your phone into connecting, and then push out messages or intercept data without detection.
Most of the time, these devices are mobile (operated from a van or car) and have one goal: to get their malicious SMS messages into their targeted victim’s inbox, bypassing telecom filters.
Scammers often spoof official-looking numbers (like BCA’s or other banks’) to send bulk SMS blasts that appear totally legit (BCA, 2025).
The Setup Scammers drive around with a fake BTS device, tricking nearby phones into connecting to their rogue tower. Victims receive an SMS from what appears to be a trusted number (often from their bank) mentioning something urgent like expiring reward points for example.
The Bait The SMS includes a link. Clicking it brings users to a fake website that looks like the bank's site.
The Trap Victims are asked to “redeem” points by inputting personal data, including card details and OTPs. The site may even show a fake error to prompt them to re-enter sensitive information.
The Theft Behind the scenes, fraudsters capture this data and use it to make unauthorized transactions (often on overseas merchant platforms).
Bareskrim Polri arrested two foreign nationals running this exact scam from a mobile setup in Indonesia, suspected of using Fake BTS technology for cyber fraud. However, investigations are still ongoing to uncover a broader criminal network (Intimedia, 2024).
What to Watch Out For
The scary thing about Fake BTS scams is how convincing they can look. The SMS pops up under a trusted name. The language sounds professional. The link looks neat, not messy or suspicious. It’s designed to make you act fast, without questioning it.
That’s why spotting the signs of a Fake BTS attack requires you to be aware of the small red flags that scammers hope you’ll miss when you’re distracted, stressed, or rushing through your day.
Here are some key warning signs you should pay attention to before you click, tap, or trust anything that lands in your inbox:
Urgent, time-sensitive language: Be carefulif the message says things like “last chance today!” or “points expire now!” Scammers love to create a sense of panic because when you're in a hurry, you're less likely to think critically.
Official-looking numbers can lie: Just because the sender's name says “BCA” or “BANK” doesn’t guarantee it’s real. In a fake BTS attack, your phone thinks it’s communicating with your bank, but it's actually being manipulated. Always focus on the content of the message, not just the sender’s name.
Suspicious links: Hover over the link (or better yet, don't click at all). Official banks and institutions rarely, if ever, send important action requests through SMS links.
Requests for personal data or OTPs: No legitimate bank will ever ask you via SMS to fill in sensitive information like your credit card number, CVV code, or OTP. If you get such a request, it's a strong indication that it is a scam.
So, what are the preventative actions?
Don’t click links from SMS messages
Confirm with official channels: Call your bank’s hotline, check their app, or message their verified WhatsApp number (like BCA’s: 0811 1500 998).
Use security tools: Enable two-factor authentication (2FA) on all accounts and use biometric/device-based login where possible. Using solutions like FaceToken and PhoneToken can help eliminate the need for SMS OTPs altogether (VIDA, 2025).
Report suspicious messages: Mobile operators and the Ministry of Communication urge the public to report shady messages. Your report might help prevent the next scam.
Conclusion
Cybercriminals are getting smarter, and fake BTS scams prove that even our phone signals aren’t safe anymore. But staying alert, asking questions, and avoiding impulsive reactions to urgent-sounding SMS messages can go a long way.
Need help protecting your organization or team from phishing and mobile-based scams like this one? Cisometric’s SOC (Security Operations Center) is equipped with advanced threat detection, incident response, and digital forensics to monitor and neutralize threats, before they spread and cause damage.
Top Cyber Attacks in 2024 and How To Prevent Them in 2025
Cybersecurity incidents often bring to mind images of hackers exploiting complex technical technological vulnerabilities. But in reality, many successful cyber attacks don’t happen because of weak systems, they happen because of human errors.
Cybersecurity incidents often bring to mind images of hackers exploiting complex technical technological vulnerabilities. But in reality, many successful cyber attacks don’t happen because of weak systems, they happen because of human errors.
Cyber Deception: Outsmarting Hackers with Their Own Tricks
Imagine setting up a fake vault filled with dummies of valuables. A thief sneaks in, thinking they’ve hit the jackpot, but in reality, they’re in a monitored trap. This is the digital equivalent of Cyber Deception Technology.
Silent calls are often the first step in a scam that can lead to phishing, identity theft, or even AI voice cloning. If you’ve been getting more of these lately, be careful. Scammers are using this tactic to confirm active phone numbers and gather data.
Welcome to cisometric.com! In order to provide a more relevant experience for you, we use cookies to enable some website functionality. Cookies help us see which articles most interest you; allow you to easily share articles on social media; permit us to deliver content, jobs and ads tailored to your interests and locations; and provide many other site benefits. For more information, please review our
Privacy Notice.
