Chinese Student Indicted for Orchestrating Smishing Campaign to Harvest Personal Data

A Chinese student, Ruichen Xiong, was sentenced at Inner London Crown Court to over a year in prison for orchestrating an extensive smishing campaign that targeted tens of thousands of victims across Greater London.

The conviction follows an investigative operation led by the Dedicated Card and Payment Crime Unit (DCPCU), a specialist law enforcement division sponsored by the banking industry, in close cooperation with major UK mobile network operators and cyber security authorities.

Advanced SMS Blaster Used

Xiong deployed a sophisticated SMS Blaster device from his vehicle, a black Honda CR-V, as he traversed the metropolitan area.

The SMS Blaster, concealed in the boot of the car, operated as an illicit mobile base station, transmitting fraudulent messages to mobile devices within its vicinity.

By emitting a stronger signal than genuine phone masts, the equipment successfully lured devices off legitimate networks, enabling Xiong to deliver deceptive text messages that appeared to originate from trusted organisations, including government bodies.

These smishing texts contained links redirecting recipients to malicious web pages designed to harvest sensitive personal and financial information.

This approach allowed for the mass targeting of thousands of individuals in a matter of days, underscoring the increasing technical sophistication behind modern fraud schemes.

The case highlights the crucial role of industry and regulatory partners including BT, Virgin Media O2, Vodafone, Three, Sky, the National Cyber Security Centre (NCSC), and Ofcom, whose collective interventions were pivotal in both the investigation and the eventual arrest.

According to DCPCU Detective Chief Inspector Paul Curtis, the incident demonstrates the evolving methods used by cybercriminals, who continuously seek to circumvent consumer protection measures.

He stressed the importance of public vigilance and rapid reporting to banks and Action Fraud should individuals suspect they have been targeted by such scams.

Smishing Operation Disrupted by DCPCU

Key network operators echoed the warning, citing ongoing efforts to block fraudulent communications.

Virgin Media O2 reported that it had intercepted over 168 million scam texts and flagged more than 50 million suspicious calls monthly over the past two years.

BT’s Chief Information Security Officer praised the technical collaboration that facilitated the rapid response to this case, emphasizing the need for continued industry-police partnerships in fighting cyber-enabled financial crime.

From a security standpoint, the NCSC’s Chief Technical Officer Ollie Whitehouse pointed to the case as a “powerful example” of effective cross-sector collaboration, underscoring the threat level posed by smishing campaigns and urging the public to report suspicious messages.

Ofcom also reinforced the commitment to consumer protection, noting the rapid evolution of criminal tactics and the necessity for coordinated, multi-agency response.

As part of the broader investigation, DCPCU has made seven additional arrests and seized seven further SMS Blaster devices, signalling significant progress in disrupting organised smishing operations.

According to the Report, The public is urged to remain watchful, refrain from engaging with unsolicited communications, and report suspected scam texts by forwarding them to 7726 or using the reporting function within their messaging apps. Victims of fraud should immediately alert their banks and notify Action Fraud.

Consumers are reminded to follow the “Take Five to Stop Fraud” campaign guidance: pause and critically assess unsolicited requests, reject or ignore suspicious communications, avoid clicking unknown links or attachments, and seek a second opinion when in doubt.

The conviction of Ruichen Xiong serves as a timely reminder of cybercrime’s persistent threat and the importance of collective vigilance.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant updates