Latvian police have arrested seven people over a cybercrime as a service operation that had been defrauding thousands of victims across Europe.
The group had set up technically sophisticated infrastructure for a series of fraud schemes, offering telephone numbers registered to people from more than 80 countries for use in criminal activities.
Fraudsters set up almost 50 million fake accounts for social media and communications platforms, which were then used for a range of different cybercrimes.
The law enforcement operation, codenamed SIMCartel, was carried out by authorities from Austria, Estonia, Finland, Europol and Eurojust and took place on 10 October. Law enforcement took down five servers and seized 1,200 SIM box devices and 40,000 active SIM cards.
Two websites that had been offering the illegal service – gogetsms.com and apisim.com – have now been taken over by law enforcement, while €431,000 ($374,500) in bank accounts and $333,000 in crypto accounts has also been frozen.
Law enforcement also seized four luxury vehicles as part of the operation.
Europol said the outfit was professionally organized, featuring a sophisticated website and an efficient logistics operation.
"The criminal network offering this service enabled its clients to commit a multitude of serious crimes that would not have been possible at all without masking the perpetrators’ identities," said Europol.
The service was mainly used for phishing and smishing, with some perpetrators specializing in fraud on second-hand marketplaces. They used the SIM card service to create a vast number of fake accounts, which then served as starting points for social engineering campaigns.
Other frauds include the daughter-son scam – persuading victims that their child needs financial help – along with investment fraud. Fake investment websites were set up, and, once serious investors showed interest, they were encouraged to pay large sums for alleged good business opportunities.
The criminals also set up fake online shops and fake bank websites, even impersonating police officers with the use of forged IDs, personally collecting funds from the victims.
"Other offences facilitated by this criminal service include fraud, extortion, migrant smuggling and the distribution of child sexual abuse material," Europol added.
More than 1,700 people in Austria fell victim to the scams, with losses of around $5.3 million, along with more than 1,500 in Latvia, who lost a total of $490,000 .
"Measured by volume, more than 49 million online accounts were created on the basis of the illegal service provided by suspects. The damage caused by the renters of the telephone numbers to their victims amounts to several million euros," said Europol. "The true scale of this network is still being uncovered."
MORE FROM ITPRO
-
Park Place Technologies launches debut partner program in EuropeNews The IT infrastructure specialist is seeking new partners across EMEA to deliver its Entuity Software platform to customers
-
Amazon Web Services outage live: Hundreds of apps including Slack, mobile carriers, banking services downWeb users globally have been impacted by an outage at Amazon Web Services - keep tabs on all the latest updates in our rolling live coverage
-
Thousands of exposed civil servant passwords are up for grabs onlineNews While the password security failures are concerning, they pale in comparison to other nations
-
77% of security leaders say they'd fire staff who fall for phishing scams, even though they've done the same thingNews A new report uncovers worrying complacency amongst IT and security leaders
-
Hackers stole source code, bug details in disastrous F5 security incident – here’s everything we know and how to protect yourselfNews CISA has warned the F5 security incident presents a serious threat to federal networks
-
Hackers are using a new phishing kit to steal Microsoft 365 credentials and MFA tokens – Whisper 2FA is evolving rapidly and has been used in nearly one million attacks since JulyNews Whisper 2FA is now the third most common Phishing as a Service tool worldwide
-
Government urges large enterprises to shore up defenses as NCSC warns UK faces four 'nationally significant' cyber attacks every weekNews UK enterprises of all sizes face escalating cybersecurity threats, ministers have warned
-
Third time lucky? The FBI just took down BreachForums, again
News The hacking forum is down for now, but the group behind it, Scattered Lapsus$ Hunters, isn't going to stop extorting victims of the Salesforce breach
-
A malicious MCP server is silently stealing user emailsNews Koi Security says it's discovered the first malicious MCP server in the wild, exposing a risk to the entire ecosystem
-
NCA confirms arrest after airport cyber disruptionNews Disruption is easing across Europe following the ransomware incident
