Europol takes down SIM farm network that scammed thousands of victims

A glowing shield formed from glowing points and lines in an abstract landscape to represent security controls.

(Image credit: Getty Images)

Latvian police have arrested seven people over a cybercrime as a service operation that had been defrauding thousands of victims across Europe.

The group had set up technically sophisticated infrastructure for a series of fraud schemes, offering telephone numbers registered to people from more than 80 countries for use in criminal activities.

Fraudsters set up almost 50 million fake accounts for social media and communications platforms, which were then used for a range of different cybercrimes.

The law enforcement operation, codenamed SIMCartel, was carried out by authorities from Austria, Estonia, Finland, Europol and Eurojust and took place on 10 October. Law enforcement took down five servers and seized 1,200 SIM box devices and 40,000 active SIM cards.

Two websites that had been offering the illegal service – gogetsms.com and apisim.com – have now been taken over by law enforcement, while €431,000 ($374,500) in bank accounts and $333,000 in crypto accounts has also been frozen.

Law enforcement also seized four luxury vehicles as part of the operation.

Europol said the outfit was professionally organized, featuring a sophisticated website and an efficient logistics operation.

"The criminal network offering this service enabled its clients to commit a multitude of serious crimes that would not have been possible at all without masking the perpetrators’ identities," said Europol.

The service was mainly used for phishing and smishing, with some perpetrators specializing in fraud on second-hand marketplaces. They used the SIM card service to create a vast number of fake accounts, which then served as starting points for social engineering campaigns.

Other frauds include the daughter-son scam – persuading victims that their child needs financial help – along with investment fraud. Fake investment websites were set up, and, once serious investors showed interest, they were encouraged to pay large sums for alleged good business opportunities.

The criminals also set up fake online shops and fake bank websites, even impersonating police officers with the use of forged IDs, personally collecting funds from the victims.

"Other offences facilitated by this criminal service include fraud, extortion, migrant smuggling and the distribution of child sexual abuse material," Europol added.

More than 1,700 people in Austria fell victim to the scams, with losses of around $5.3 million, along with more than 1,500 in Latvia, who lost a total of $490,000 .

"Measured by volume, more than 49 million online accounts were created on the basis of the illegal service provided by suspects. The damage caused by the renters of the telephone numbers to their victims amounts to several million euros," said Europol. "The true scale of this network is still being uncovered."

MORE FROM ITPRO

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.