Latvian police have arrested seven people over a cybercrime as a service operation that had been defrauding thousands of victims across Europe.
The group had set up technically sophisticated infrastructure for a series of fraud schemes, offering telephone numbers registered to people from more than 80 countries for use in criminal activities.
Fraudsters set up almost 50 million fake accounts for social media and communications platforms, which were then used for a range of different cybercrimes.
The law enforcement operation, codenamed SIMCartel, was carried out by authorities from Austria, Estonia, Finland, Europol and Eurojust and took place on 10 October. Law enforcement took down five servers and seized 1,200 SIM box devices and 40,000 active SIM cards.
Two websites that had been offering the illegal service – gogetsms.com and apisim.com – have now been taken over by law enforcement, while €431,000 ($374,500) in bank accounts and $333,000 in crypto accounts has also been frozen.
Law enforcement also seized four luxury vehicles as part of the operation.
Europol said the outfit was professionally organized, featuring a sophisticated website and an efficient logistics operation.
"The criminal network offering this service enabled its clients to commit a multitude of serious crimes that would not have been possible at all without masking the perpetrators’ identities," said Europol.
The service was mainly used for phishing and smishing, with some perpetrators specializing in fraud on second-hand marketplaces. They used the SIM card service to create a vast number of fake accounts, which then served as starting points for social engineering campaigns.
Other frauds include the daughter-son scam – persuading victims that their child needs financial help – along with investment fraud. Fake investment websites were set up, and, once serious investors showed interest, they were encouraged to pay large sums for alleged good business opportunities.
The criminals also set up fake online shops and fake bank websites, even impersonating police officers with the use of forged IDs, personally collecting funds from the victims.
"Other offences facilitated by this criminal service include fraud, extortion, migrant smuggling and the distribution of child sexual abuse material," Europol added.
More than 1,700 people in Austria fell victim to the scams, with losses of around $5.3 million, along with more than 1,500 in Latvia, who lost a total of $490,000 .
"Measured by volume, more than 49 million online accounts were created on the basis of the illegal service provided by suspects. The damage caused by the renters of the telephone numbers to their victims amounts to several million euros," said Europol. "The true scale of this network is still being uncovered."
MORE FROM ITPRO
-
Hounslow Council partners with Amazon Web Services (AWS) to build resilience and transition away from legacy techSpomsored One of the most diverse and fastest-growing boroughs in London has completed a massive cloud migration project. Supported by AWS, it was able to work through any challenges
-
Salesforce targets better data, simpler licensing to spur Agentforce adoptionNews The combination of Agentforce 360, Data 360, and Informatica is more context for enterprise AI than ever before
-
The Scattered Lapsus$ Hunters group is targeting Zendesk customers – here’s what you need to knowNews The group appears to be infecting support and help-desk personnel with remote access trojans and other forms of malware
-
Impact of Asahi cyber attack laid bare as company confirms 1.5 million customers exposedNews No ransom has been paid, said president and group CEO Atsushi Katsuki, and the company is restoring its systems
-
If you're not taking insider threats seriously, then the CrowdStrike incident should be a big wake up callNews CrowdStrike has admitted an insider took screenshots of systems and shared them with hackers, and experts say it should serve as a wake up call for enterprises globally.
-
Shai-Hulud malware is back with a vengeance and has hit more than 19,000 GitHub repositories so far — here's what developers need to knowNews The malware has compromised more than 700 widely-used npm packages, and is spreading fast
-
Security experts claim the CVE Program isn’t up to scratch anymore — inaccurate scores and lengthy delays mean the system needs updatedNews CVE data is vital in combating emerging threats, yet inaccurate ratings and lengthy wait times are placing enterprises at risk
-
The US, UK, and Australia just imposed sanctions on a Russian cyber crime group – 'we are exposing their dark networks and going after those responsible'News Media Land offers 'bulletproof' hosting services used for ransomware and DDoS attacks around the world
-
Thousands of ASUS routers are being hijacked in a state-sponsored cyber espionage campaignNews Researchers believe that Operation WrtHug is being carried out by Chinese state-sponsored hackers
-
IBM AIX users urged to patch immediately as researchers sound alarm on critical flawsNews Network administrators should patch the four IBM AIX flaws as soon as possible
