Saturday December 13, 2025

SIM-Farm Network Powering 49M Fake Accounts

Advisory ID: NCC-CSIRT-2025-019

Summary: 

Europol and Eurojust have dismantled a cybercrime-as-a-service (CaaS) network, Operation SIMCARTEL, which operated large-scale SIM-farm systems used to create over 49 million fake online accounts across more than 80 countries. In Nigeria and West Africa, similar operations threaten KYC integrity, telecom infrastructure, and financial systems, facilitating smishing, phishing, money-mule schemes, and social-media manipulation. Telecom operators, fintech platforms, and regulators must assume that phone numbers can be rented or abused at scale and strengthen verification, detection, and onboarding controls.

Damage/Probability: Critical/High

Product(s): 

  • Mobile network services (SIM cards, SMS/MMS delivery, voice)
  • Mobile Virtual Network Operators (MVNOs), retail SIM distribution channels
  • Online services relying on phone-number verification (social media, messaging apps, Fintech, e-commerce)
  • SMS gateway providers and aggregators

Version(s): 

Not version-specific (Telecom operations, KYC and provisioning processes, Verification services)

Platform(s): 

  • Mobile networks (GSM/3G/4G/5G)
  • SMS/SS7/SS8/SS7-like routing infrastructure
  • Web platforms using phone verification, number-rental marketplaces

Description: 

SIM farms are collections of GSM modems and SIM cards used to automate OTP receipt and account registration. They enable criminals to bypass phone verification and conduct large-scale fraud. In Nigeria, this threat can support financial fraud and phishing schemes, election-related disinformation, bulk SMS scams, and exploitation of weak SIM registration and KYC enforcement. Enhanced telecom monitoring, cross-sector collaboration, and strict KYC compliance are essential to mitigate this risk.

Impacts: 

  • Fraudulent fintech and bank accounts opened with rented SIMs.
  • Smishing campaigns using new numbers to evade blacklists.
  • Large-scale fake social-media profiles spreading scams and misinformation.
  • Weakening of phone-based verification and erosion of trust in KYC systems.
  • Regulatory and reputational risks for operators enabling number abuse.

Solutions: 

Focus Area

Recommended Action

Detection & Monitoring

• Analyze for bulk SIM provisioning or activation spikes.
• Detect SIM-box patterns: high SMS/voice, static IMEI/geo, no normal usage.
• Monitor SMS gateways for mass OTP traffic to diverse destinations.

KYC & SIM Controls

• Enforce strict ID and biometric verification for new SIMs.
• Audit agents/resellers; suspend suspicious bulk activations.
• Implement cooling-off periods before number reuse.

Fraud Prevention

• Apply behavioral/velocity checks for phone-verified accounts.
• Flag SIMs used for multiple OTPs or high-velocity registrations.
• Share intelligence with banks/fintechs on suspect number ranges.

Coordination & Awareness

• Establish shared blocklists for abused numbers/resellers.
• Enable 24/7 monitoring for smishing or fake-account spikes.
• Issue public advisories warning users against unsolicited messages or requests.

 

References: