In a significant blow to cybercrime, Europol has successfully dismantled a sophisticated cybercrime-as-a-service (CaaS) platform that operated an extensive SIM farm, enabling a wide array of illicit activities, including phishing schemes and investment fraud. This coordinated law enforcement operation, known as Operation SIMCARTEL, involved 26 searches, leading to the arrest of seven individuals and the seizure of 1,200 SIM box devices containing 40,000 active SIM cards. Notably, five of the arrested individuals are Latvian nationals.
The operation also resulted in the dismantling of five servers and the seizure of two websites, gogetsms[.]com and apisim[.]com, which were used to advertise the illicit services. These websites were taken over on October 10, 2025, and now display seizure banners. Additionally, authorities confiscated four luxury vehicles and froze €431,000 ($502,000) in suspects’ bank accounts, along with €266,000 ($310,000) in cryptocurrency holdings.
The collaborative effort included law enforcement agencies from Austria, Estonia, Finland, and Latvia, working in conjunction with Europol and Eurojust. The criminal network is linked to over 1,700 cyber fraud cases in Austria and 1,500 in Latvia, resulting in financial losses of approximately €4.5 million ($5.25 million) and €420,000 ($489,000) in the respective countries.
Europol highlighted the technical sophistication of the network, stating that it enabled perpetrators worldwide to utilize the SIM-box service for a broad spectrum of telecommunications-related cybercrimes. The infrastructure provided telephone numbers registered to individuals from over 80 countries, facilitating the creation of more than 49 million fake online accounts. These accounts were instrumental in conducting phishing and smishing attacks, as well as financial fraud schemes that deceived victims into investing in fraudulent trading platforms.
One prevalent scam involved fraudsters contacting potential victims via WhatsApp, impersonating their children and claiming to have a new phone number. The scammers would then request urgent financial assistance, often in the form of four-figure sums, under the guise of an emergency.
Beyond financial fraud, the platform’s services were exploited for other serious offenses, including extortion, migrant smuggling, and the distribution of child sexual abuse material (CSAM).
Archived versions of the GoGetSMS website reveal that the service was marketed as a provider of fast and secure temporary phone numbers, boasting access to over 10 million numbers and the ability to receive verification codes from more than 160 online services. The platform also offered users the opportunity to monetize existing SIM cards by converting them into revenue-generating assets through specialized software, allowing card owners to earn income for every SMS message received.
User reviews on Trustpilot indicate dissatisfaction with GoGetSMS’s services. One user reported paying for a U.S. number that did not function, stating, Tried multiple times, wasted both time and money. Support is completely unresponsive – no help, no refund, nothing.
The Latvian State Police, in a coordinated announcement, stated that the platform was designed for anonymous communication and payments, impacting 3,200 people in various countries.
