Router SMS Scam: €1000 Bill After 10,000 Texts Sent
The routine act of inserting a SIM card into a mobile router can result in unforeseen financial losses — a fact brought to light by a recent incident in Estonia, where a user received a bill of nearly one thousand euros after more than 10,000 SMS messages were sent from their device over the course of several days.
According to the publication Digigeenius, the cause of this unexpected activity was a compromised mobile router equipped with 4G/5G support. The precise method of compromise remains undetermined, particularly as the device was purchased abroad from an unidentified source.
Mobile routers, commonly employed to establish portable Wi-Fi hotspots, are often equipped with SMS functionality intended for notifications or technical communication. However, this capability is frequently exploited by malicious software to disseminate spam or fraudulent messages — a practice that can lead to substantial financial charges. This is especially problematic for users who insert SIM cards that still have voice and messaging services enabled, rather than limited data-only plans.
While many mobile data plans for hotspots are designed solely for internet usage, not all telecommunications providers enforce restrictions on voice or SMS functionality. Users are often unaware of these potential vulnerabilities, making such setups a convenient entry point for cybercriminals to co-opt routers into their operations.
A thriving market exists for inexpensive routers of dubious origin — devices that are particularly susceptible to exploitation, especially if their firmware remains outdated, factory-default passwords are not changed, or administrative panels are left exposed. Similar incidents have been documented in the past, including in the United States. One such case involved a botnet exploiting a vulnerability in the TP-Link MR6400 router, converting infected devices into mass SMS transmission platforms used for deception and fraud.
The security of these routers is further undermined by their frequent enlistment into larger botnet infrastructures, from which a range of cyberthreats — including phishing campaigns and lateral attacks on connected devices — can be launched. Researchers emphasize that such attacks can begin with something as simple as brute-forcing a password, particularly if the router’s management interface is accessible over the internet.
To mitigate these threats, users are advised to adhere to a few essential best practices: choose routers from reputable manufacturers; update firmware regularly; disable web-based administrative access; close all unused ports; replace default passwords with strong alternatives; periodically reboot the device; and monitor SIM card settings and mobile plan configurations.
Special attention should be paid to SMS functionality — if it is not required, it is highly recommended that it be disabled immediately upon SIM card installation. However, if the router has already been compromised, any user attempts to configure settings may be rendered ineffective by the resident malware. Thus, prevention — along with prudent hardware selection — remains the cornerstone of defense.