Operation SIMCARTEL: Europol Dismantles $5.3M International Fraud Network

European law enforcement agencies executed a sweeping operation, codenamed SIMCARTEL, successfully dismantling an international criminal infrastructure that supplied virtual telephone numbers to fraudsters. According to Europol, this illicit service was instrumental in perpetrating over 3,200 instances of fraud, resulting in cumulative damages exceeding 4.5 million euros.

The foundation of the scheme was a vast network of approximately 1,200 SIM boxes, which collectively housed more than 40,000 active SIM cards. These devices were employed to facilitate a range of telecommunications scams, from sophisticated phishing calls and sham investment offers to extortion and identity impersonation. Crucially, this setup allowed criminals to circumvent telecommunications operators, creating the illusion of legitimate channels and ensuring their anonymity.

Europol further disclosed that the illegal service operated via two primary websites, gogetsms.com and apisim.com. Both domains have been seized and now display a banner indicating ongoing investigative proceedings. The destruction of this infrastructure was the culmination of a collaborative effort between Europol personnel and the Shadowserver Foundation, an analytical organization dedicated to monitoring network threats and tracking cyber-criminal groups.

The gogetsms and apisim services offered clients the ability to rent telephone numbers registered under fictitious identities across more than 80 countries. These numbers were subsequently utilized for the registration and verification of bogus accounts on various online platforms, enabling malefactors to conceal their true geographical location and evade identification. Europol estimates that this system facilitated the creation of over 49 million fraudulent accounts. Approximately 1,700 fraud cases in Austria and 1,500 in Latvia have already been linked to these accounts.

The agency noted the highly sophisticated technical organization of the scheme. Its distributed network allowed clients from disparate nations to leverage it for an extensive range of telecommunication-related crimes, including simple phone deceit and complex combinations involving instant messaging apps, banking websites, and fraudulent brokerage platforms.

Investigators confirmed that the rented numbers were used for diverse fraudulent activities: extortion disguised as a family member in distress (e.g., the “son/daughter” scam on WhatsApp), marketplace deception, illicit migrant smuggling, cloning of bank and investment company websites, and calls impersonating police representatives. In Austria alone, damages from these schemes are estimated at 4.5 million euros (approximately 5.3 million US dollars), with a further 420 thousand euros (around 490 thousand US dollars) incurred in Latvia.

The core phase of the operation was conducted on October 10. The raids resulted in the arrest of five Latvian nationals and two foreign individuals, with a total of 26 searches executed across Austria, Estonia, Finland, and Latvia. Authorities confiscated approximately 1,200 active SIM boxes, hundreds of thousands of prepared SIM cards, five servers, the two domain resources, 431 thousand euros frozen in bank accounts, 333 thousand US dollars in cryptocurrency, and four luxury vehicles.

Europol released video footage from one of the centers housing the “SIM box farm”—a room filled with racks containing hundreds of devices connected to a shared network. The next planned step is a comprehensive computer-forensic analysis of the seized servers to identify the service’s clientele and trace the associated accounts involved in the financial machinations.