The sentencing follows an investigation and arrest by the Dedicated Card and Payment Crime Unit (DCPCU), a specialist banking industry sponsored police unit.

The conviction was achieved thanks to the officers from the DCPCU working with mobile network operators including BT, Virgin Media O2, VodafoneThree and Sky as well as the National Cyber Security Centre and Ofcom.

Between 22 and 27 March 2025 Ruichen Xiong, a student from China had installed an SMS Blaster in his vehicle to commit smishing fraud, targeting tens of thousands of potential victims. 

Xiong drove around the Greater London area in a Black Honda CR-V. This vehicle was used to hold and transport an SMS Blaster around in the boot. 

An SMS Blaster allows offenders to send fraudulent text messages to phones within the vicinity of the equipment and acts as an illegitimate phone mast to send messages. The blaster will draw mobile devices away from legitimate networks by appearing to have a stronger signal. By doing so, the criminal is then able to send a text message to the victim's phone. 

The equipment was programmed to send out SMS messages to victims within a nearby radius of the blaster, designed to look like trustworthy messages from genuine organisations, such as government bodies, where the victim was encouraged to click a link. The link would subsequently take them to a malicious site that was designed to harvest their personal details.

Paul Curtis, Detective Chief Inspector of the DCPCU said: 

Criminals are sophisticated and will continuously make attempts to bypass fraud prevention measures designed to protect consumers. They’ll make every attempt to steal personal and financial information so it’s important that customers are alert to potential threats of fraud, particularly text messages. 

“It’s important to stay alert to potential fraudulent messages, looking for personal and financial information. If consumers think they’ve been scammed, it’s important to contact their bank immediately and report it to Action Fraud.

Murray Mackenzie, Director of Fraud Prevention at Virgin Media O2, said: 

With fraud being the most common crime in the UK, we’re doing everything we can to keep our customers safe and are committed to working with law enforcement and others across industry to bring criminals to justice.

“Over the previous two years, Virgin Media O2 has blocked more than 168 million fraudulent texts from reaching customer phones and we’re flagging more 50 million suspected scam calls each month. However, as this conviction shows, criminals will stop at nothing when targeting the public.  If in doubt, don’t engage with calls and texts from unknown users and report them to 7726 for free so we can help keep you safe from scams.

Les Anderson, Chief Information Security Officer, BT said: 

As the UK’s leading network provider, keeping our customers connected safely and securely is our top priority. We’re constantly evolving our network security to stay one step ahead and protect our customers. I’m incredibly proud of how our team have contributed their technical expertise and intelligence to support the police in this investigation. Collaborations like this are key to protecting the UK from cybercriminals.

NCSC Chief Technical Officer Ollie Whitehouse said: 

This conviction is a powerful example of what can be achieved through close collaboration between law enforcement, industry, regulators, and cyber security experts against an ever-evolving threat.

“Smishing is a serious threat to the public, and we urge everyone to stay vigilant. Reporting suspicious texts by forwarding them to 7726 ensures that even as the threat evolves, we can help protect our communities.

An Ofcom spokesperson said: 

Scammers can cause huge distress and financial harm to their victims, and protecting people is a priority for Ofcom. Criminals are becoming more sophisticated, and a coordinated approach from a range of bodies is the only solution to bring fraudsters to justice and keep people safe. With our support, mobile companies have developed a range of protections to block suspicious text messages. We closely monitor their effectiveness as tactics continue to evolve.

The DCPCU have separately arrested seven people and seized seven SMS blasters. 

Report suspicious text messages by forwarding to 7726 or the report function within your messaging app. People should also contact their bank immediately if they have fallen victim to fraud, and report to Action Fraud on 0300 123 2040.

Advice to consumers

Always follow the advice of the Take Five to Stop Fraud campaign and ‘Stop, Challenge and Protect’ yourself from fraudulent attempts:

1. Take a moment to stop and think before parting with your money or information. It could keep you safe.
2. Ask yourself, could it be fake? It’s ok to reject, refuse or ignore any requests. Only criminals will try to rush or panic you.
3. Don’t click on links or open attachments in unsolicited SMS or emails, even if it appears to be from a company you know.
4. Get a second opinion from someone you trust about what you’ve received.
5. Be cautious of any ‘too good to be true’ offers.