
Canada Makes First-Ever SMS Blaster Arrests After Mass Phishing Campaign
Canadian police have charged three men with 44 offences in the country's first confirmed SMS blaster attack investigation. The operation, dubbed Project Lighthouse, ran for months across the Greater Toronto Area before law enforcement moved in, and the scale of what investigators uncovered was significant.
Rogue Towers Hidden in Vehicles
The devices at the centre of this case were not fixed installations. The suspects drove them across Toronto in the backs of vehicles, keeping the blasters mobile and difficult to trace. The hardware mimicked legitimate cellular towers, pulling nearby phones off their real networks and onto a rogue signal. Once connected, those devices received fraudulent text messages designed to look like communications from banks, Canada Post, toll road operator 407 ETR, and parking authorities.
This technique is known as smishing, phishing delivered by SMS. The SMS blaster attack gave the suspects a direct line into victims' inboxes, bypassing the filters and fraud controls that telecom providers apply to messages sent through official channels. The texts contained links to credential-harvesting websites built to steal banking logins, passwords, and personal information.
13 Million Disruptions and a 911 Risk
The investigation found that tens of thousands of devices connected to the rogue towers during the operation. Across those connections, investigators recorded 13 million network disruption events. Each disruption represented a moment when an affected phone was cut off from its legitimate carrier network.
That disconnection carried a consequence beyond phishing. During those windows, affected devices lost the ability to reach emergency services. Phones connected to the blaster could not dial 911. Deputy Chief Rob Johnson addressed this directly at the April 23 press conference:
"This wasn't targeting a single individual or business. It had the ability to reach thousands of devices at once. And beyond the financial risk, there are real public safety implications."
The total financial losses from the fraud have not yet been determined. Victim identification remains ongoing.
How Project Lighthouse Came Together
The investigation began in November 2025 after a cybersecurity partner alerted law enforcement to suspicious activity in downtown Toronto. Police tracked the operation over several months, coordinating with the RCMP's National Cybercrime Coordination Centre, York Regional Police, Hamilton Police Service, financial institutions, and telecom providers.
On March 31, officers executed search warrants at properties in Markham and Hamilton. Two suspects were arrested and multiple SMS blasters were seized alongside a large volume of electronic evidence. A third man turned himself in on April 21. The three individuals, aged between 21 and 27, now collectively face 44 charges. Those charges include fraud, mischief, personation with intent to gain advantage, and fraudulent interception of computer systems.
Detective Sergeant Lindsay Riddell confirmed that the seized devices were custom-built. Police have deliberately withheld technical details to avoid assisting future threat actors. Riddell also said investigators are confident the specific threat has been contained.
"We're pretty confident that we have dealt with all of them and there will be no further risk in the city of Toronto for this," she said.
A First in Canada, Not the World
This SMS blaster attack is the first of its kind documented in Canada, but the method is not new globally. Similar operations have been recorded in the United Kingdom, the Philippines, and Greece. In the Philippines, authorities arrested two Chinese nationals in February over a comparable scheme in which drivers carried IMSI devices through areas near government buildings and military installations.
The Toronto case fits a pattern of increasingly mobile, increasingly scalable fraud. Attackers no longer need to compromise a network or breach a database. A device in the back of a car, driven through a busy urban area, can reach tens of thousands of potential victims in a single pass with messages that appear entirely legitimate.
What Users Can Do Now
Police confirmed the immediate threat has ended, but smishing through conventional channels remains active. Fraudulent texts did not start with SMS blaster technology and will not stop now that this operation has been dismantled.
The advice from investigators is practical. Do not click links in unsolicited text messages, even when they appear to come from a known organisation. Do not enter credentials or personal information through a link sent by text. Access online banking by typing the address directly into a browser or by using the bank's official app. If you receive a suspicious message, report it.
Android users can reduce exposure to SMS blaster attacks by disabling 2G network fallback in device settings. This prevents phones from downgrading to the older signal standard that many blaster devices exploit. The protection is not absolute, but it closes a common entry point.