Blog | Elisa Industriq

Polystar Real-Time Analytics Stops SMS Blaster Fraud

Written by Elisa Industriq | Jul 2, 2026 7:34:29 AM

By an experienced network and service assurance team.

Understanding the Challenge of SMS Blaster Detection

Most fraudulent text messages still arrive the boring way: cheap, high-volume SMS sent from overseas through unsuspecting routes. But a more sophisticated threat has been spreading across mobile networks: the SMS blaster.

An SMS blaster is, in effect, a mobile network in a car trunk. It carries its own RAN and core, mimics a legitimate operator, and forces nearby phones onto a fake cell long enough to push fraudulent texts — then hands them back to the real network and drives off. Because the spam never crosses the operator’s SMSCs, traditional content-filtering tools see nothing.

This is the story of how some of Polystar’s long-standing customers turned their core network telemetry into a national defense against this kind of attack.

The Problem: Invisible to Traditional Tools

In this market, the operator runs a complex shared infrastructure with many RAN & Core vendors operated by multiple companies. That fragmentation makes it hard to:

  • Collect consistent radio-side telemetry across all vendors and partners.

  • Build a single national view of mobility anomalies, handovers and failures.

  • Spot devices that broadcast fake cells for less than a minute at a time.

Other markets have tackled SMS blasters using RAN-vendor systems. In a multi-operator, multi-vendor environment, that approach would have meant blind spots and impractical integration.

The Approach: Turn Core-Side Data into Actionable Insights

  • Working with Polystar, they built detections on three signals already flowing through its Osix Monitoring and Kalix Analytics.

  • Spam reports forwarded by subscribers to the global short code, with no matching SMS in network logs — strong evidence the message came from outside the real network.

  • Tracking-area updates that referenced “previous systems” not present anywhere in the operator’s configuration — a sign the device had briefly camped on a fake cell.

  • Handover failures involving non-existent target cells, which cluster geographically wherever a blaster operates.

Because Polystar taps at the S1 interface, the operator captured rich metadata — source cell, target cell, tracking area, identifiers — across all RAN vendors and partners in a single, consistent view.  No vendor-specific portal could have done that.