Comply with ZDNET: Add us as a most well-liked supply on Google.
ZDNET’s key takeaways
- “SIM farm as-a-service” setups are used for monetary fraud, spam, phishing, and on-line product scalping.
- These hidden telephone factories function within the shadows to assist large-scale scamming and phishing.
- SIM-related scams it’s best to find out about, and how you can keep secure.
Your sister texts you, frantic, requesting a fast money injection to get her out of a sticky state of affairs.
The issue is, you do not have a sister.
Chilly-call insurance coverage scams, faux promotional calls out of your telecommunications supplier, and even panic-inducing phishing calls and texts are a part of our day by day lives. They’re irritating, annoying, and typically, we fall for them. However the place do these calls come from?
Additionally: ‘Job seekers need to be detectives’: 3 indicators that itemizing is a rip-off
Racks of cell phones, SIMs, and mobile modems make up in the present day’s SIM farms, which are sometimes rented to cybercriminals to hold out automated assaults worldwide. Simply because a textual content message seems to have been despatched from an area quantity doesn’t suggest it truly was, and sadly, it’s this entry to native telecom infrastructure that many scammers depend on in the present day when making an attempt to dupe you into trusting the faux messages and calls they ship.
What’s a SIM farm?
A SIM farm is a community of a whole bunch, even 1000’s, of cell SIM playing cards — backed by {hardware} reminiscent of modems and handsets — that function concurrently to carry out quite a lot of duties.
This would possibly recall to mind cryptocurrency mining farms, the place excessive volumes of computing {hardware} and large quantities of electrical energy are used — typically illegally — to mine cryptocurrency. SIM farms, too, require devoted {hardware} and are set to carry out duties, however as an alternative of specializing in crypto or different digital belongings, they’re usually used as communication techniques.
SIM farms themselves aren’t essentially malicious. For instance, companies could use them for telecom-related testing, measuring, and scaling; builders could use them to conduct cell app checks, and so they is also used for professional bulk enterprise messaging.
Additionally: Coping with silent robocalls? Because of this rip-off callers hold quiet
Nevertheless, they’ll — and sometimes are — used with malicious intent. When fraudsters have a community of SIMs at their disposal, they’ll carry out and automate spam texting and calling, sending a barrage of messages to potential victims with little human oversight.
SIM farm-backed phishing, spam, and arranged fraud on this scale causes distress and frustration for us, however the story does not finish there. The U.S. Secret Service additionally believes that these operations might disrupt telco service and could also be utilized by felony teams and cartels to ship encrypted messages to 1 one other.
SIM farms uncovered: 94 places, 17 international locations
A latest investigation by Infrawatch highlights simply how SIM farms work, noting that such rentable infrastructure “enables large-scale fraud and abusive automation.”
The SIM farm community on the coronary heart of this investigation included 94 bodily places containing SIM-related {hardware} throughout 17 international locations. Most of the SIM farms had been positioned within the US, with cases additionally present in Europe and South America.
Additionally: Lock down your AT&T account to forestall SIM swapping assaults – this is how
A shared management panel related every farm to the community, which has been linked to Belarus and to Russian-speaking audiences and promoted throughout Telegram and different on-line channels. SIM-related providers had been related to at the very least 24 business proxy suppliers and 35 mobile suppliers. Few Know Your Buyer (KYC) checks had been discovered, which suggests the community might be accessed by “any buyer,” in accordance with the group.
Sadly, that is removed from the primary time a SIM farm has been found, and every one that spins up represents extra issues for our privateness and safety.
Why are SIM farms an issue?
When SIM farms are operated or accessed by criminals, they’re usually used for bulk messaging, spam, and phishing. As every SIM acts like a separate gadget, it may also be used to create accounts for scalping, to run malicious proxies, or to construct bot networks on social media and boards that unfold misinformation and propaganda.
Bots are a significant difficulty, however as a result of SIM farms additionally give customers entry to quite a lot of geographic areas world wide, this advantages scammers who need native connections of their phishing makes an attempt — reminiscent of US telephone numbers to focus on US residents.
Additionally: I am a tech skilled, and an AI job rip-off virtually fooled me – this is how I caught on
“SIM farms enable a range of illicit and abusive activity at [an] industrial scale and are supported by a broader downstream ecosystem of software, infrastructure, and commercial evasion services,” the group says.
In September 2025, the US Secret Service dismantled a SIM farm — comprising over 300 SIM-based servers and packing over 100,000 SIM playing cards — that was working close to the UN. Legislation enforcement mentioned this community might have been used for excess of phishing, with the potential of mobile blackouts, community site visitors floods, and jammed 911 traces making it a big safety menace.
Solely a month later, Europol supported Operation SIMCARTEL, which led to the shutdown of a SIM farm linked to over 1,700 cyber fraud circumstances in Austria and Latvia.
The authorized drawback
In lots of international locations, SIM farms are authorized, and so they had been as soon as a standard method to conduct professional testing and communication duties. The gear itself is not unlawful, however SIM-farm functions and use are in a authorized grey space and are doubtless difficult for regulators to deal with correctly.
Nevertheless, occasions are altering. Recognizing how SIM farms usually underpin widespread scams, phishing campaigns, and bot-based scalping applications, governments are beginning to take motion.
Additionally: examine if a textual content message is spam on Android – and the free software I depend on
Within the UK, for instance, the federal government intends to ban the “possession and supply” of SIM farms.
“The barrage of scam texts and phone calls we have seen from fraudsters causes emotional distress and financial misery to millions,” mentioned former UK Safety Minister Tom Tugendhat. “The new offense will mean criminals are no longer able to obtain SIM farms and similar technologies to commit fraud. This will give police additional tools to disrupt the vile criminals that target the UK public.”
They will not have any management over SIM farms positioned in different international locations, however it’s a begin.
4 methods to remain protected
- Belief nothing: SIM farms present the infrastructure to ship excessive volumes of spam and phishing messages globally. Simply because a telephone quantity sending you a message seems native doesn’t suggest it is not a rip-off.
- Concentrate on new scams: Rip-off artists change their ways on a regular basis. Gone are the times of scams claiming you’ve got received the lottery. Phishing and fraudulent messages usually seem to return from trusted sources, reminiscent of household, associates, colleagues, or establishments, together with banks and retailers.
- Discover patterns: Generic greetings, grammatical errors, and shortened URL hyperlinks are all usually indicators of a fraudulent message. It is best to by no means click on hyperlinks in textual content messages; in case you aren’t certain whether or not the communication is real, use one other methodology to confirm its contents — reminiscent of making a name.
- Pressing isn’t pressing: If you happen to obtain a message with “urgent” content material, reminiscent of a requirement for fee, a missed supply, and even an SMS supposedly from a member of the family who wants cash for medical therapy, do not forget that fraudsters deal with creating panic, within the hope that their victims will make a rash choice and hand over both their information or their money.
Additionally: I examined NordVPN’s free rip-off checker with actual phishing emails – this is the way it fared
One other SIM-based menace to pay attention to
Fraud, automated spam, and phishing aren’t the one threats that our mobile connections and cell units — nevertheless helpful they’re — expose us to. You also needs to find out about SIM-swapping. Certainly one of ZDNET’s personal writers, Matthew Miller, was a sufferer of this assault, resulting in the compromise of his on-line accounts and the theft of $25,000, which was withdrawn from his checking account to buy cryptocurrency.
Additionally: I have been subscribed to an information elimination service a month now – what I want I knew sooner
SIM swapping happens when a service palms over management of your SIM to a felony. This occurs when a fraudster impersonates you, sometimes by means of a telephone name, and convinces a customer support consultant to switch management of your telephone quantity to them. With sufficient info and your quantity in hand, they’ve a brief window to hijack your accounts by utilizing phone-based 2FA authentication.
Victims will first discover a sudden lack of service, and any on-line account related to their quantity will then be in danger.
The secret’s fast motion, with a sprinkle of luck and numerous willpower. You’ll want to contact your service and regain your quantity, after which comply with Miller’s information on what to do subsequent in case you are a sufferer of this insidious assault methodology.
