Europol on Friday introduced the disruption of a classy cybercrime-as-a-service (CaaS) platform that operated a SIM farm and enabled its clients to hold out a broad spectrum of crimes starting from phishing to funding fraud.
The coordinated regulation enforcement effort, dubbed Operation SIMCARTEL, noticed 26 searches carried out, ensuing within the arrest of seven suspects and the seizure of 1,200 SIM field units, which contained 40,000 energetic SIM playing cards. 5 of these detained are Latvian nationals.
As well as, 5 servers had been dismantled and two web sites gogetsms[.]com and apisim[.]com) promoting the service was taken over on October 10, 2025, to show a seizure banner. Individually, 4 luxurious automobiles had been confiscated, and €431,000 ($502,000) in suspects’ financial institution accounts and €266,000 ($310,000) of their cryptocurrency accounts had been frozen.
The international locations that participated within the operation comprised authorities from Austria, Estonia, Finland, and Latvia, in collaboration with Europol and Eurojust.
In keeping with Europol, the prison community has been attributed to greater than 1,700 particular person cyber fraud circumstances in Austria and 1,500 in Latvia, resulting in losses totaling round €4.5 million ($5.25 million) and €420,000 ($489,000) within the two international locations, respectively.
“The prison community and its infrastructure had been technically extremely subtle and enabled perpetrators around the globe to make use of this SIM-box service to conduct a variety of telecommunications-related cybercrimes, in addition to different crimes,” the company mentioned.
The infrastructure provided phone numbers registered to individuals from over 80 international locations to be used in prison actions, together with organising faux accounts on social media and communication platforms with the first aim of obscuring their unique id and site. In all, the service enabled the creation of greater than 49 million on-line accounts.
These accounts had been then used to conduct phishing and smishing assaults and perform monetary fraud by tricking victims into investing their funds in bogus buying and selling schemes. One other concerned contacting them on WhatsApp by posing as their daughter or son, claiming they now have a brand new quantity and asking them to switch cash within the four-figure vary for an emergency.
Among the different offenses that had been made attainable through the platform included extortion, migrant smuggling, and the distribution of kid sexual abuse materials (CSAM).
In keeping with snapshots captured on the Web Archive, GoGetSMS was marketed as a technique to get “quick and safe short-term cellphone numbers,” with greater than 10 million numbers obtainable and obtain verification codes from over 160 on-line providers.
On its web site, GoGetSMS additionally provided the power to monetize present SIM playing cards by turning them into “highly effective belongings for producing passive earnings” utilizing its “specialised software program,” permitting card house owners to earn income for each SMS message despatched to them.
On evaluation web site Trustpilot, paid customers have complained of going through points getting maintain of a brief quantity by way of GoGetSMS, with one consumer claiming that they paid for a U.S. quantity on the platform and didn’t get a working quantity in return. “Tried a number of occasions, wasted each money and time. Assist is totally unresponsive – no assist, no refund, nothing,” the consumer added.
The Latvian State Police, in a coordinated announcement, mentioned the platform was designed for nameless communication and funds, impacting 3,200 individuals in numerous international locations.
