Follow ZDNET: Add us as a favorite source On Google.
ZDNET Highlights
- “SIM farms-as-a-service” setups are used for financial fraud, spam, phishing, and online product scalping.
- These hidden phone factories operate in the shadows to support large-scale scams and phishing.
- All you need to know about SIM scams and how to stay safe.
Your sister messages you in distress, requesting quick cash payment to get her out of a sticky situation.
The problem is that you don’t have a sister.
Cold-call insurance scams, fake promotional calls from your telecommunications provider, and even panic-inducing phishing calls and texts are part of our daily lives. They are frustrating, annoying and sometimes, we fall for them. But where do these calls come from?
Also: ‘Job seekers have to be spies’: 3 signs that the listing is a scam
Racks of mobile phones, SIMs, and cellular modems make up today’s SIM farms, which are often rented to cybercriminals to carry out automated attacks around the world. Just because a text message appears to be sent from a local number does not mean it actually was, and unfortunately, it is access to local telecommunications infrastructure that many scammers today rely on when they try to trick you into trusting the fake messages and calls they send you.
What is SIM form?
A SIM farm is a network of hundreds, even thousands, of mobile SIM cards – supported by hardware such as modems and handsets – that work together to perform a variety of functions.
This may be reminiscent of cryptocurrency mining farms, where large amounts of computing hardware and huge amounts of electricity are used to mine cryptocurrencies – sometimes illegally. SIM farms also require dedicated hardware and set up to function, but rather than focusing on crypto or other digital assets, they are often used as communication systems.
SIM farms themselves are not necessarily malicious. For example, businesses can use them for telecommunications-related testing, measurement, and scaling; Developers can use them to conduct mobile app testing, and they can also be used to send legitimate bulk business messages.
Also: Dealing with silent robocalls? This is why scammers remain silent
However, they can be – and often are – used with malicious intent. When fraudsters have a network of SIMs, they can execute and automate spam texting and calling, and send a series of messages to potential victims with less human oversight.
Sim farm enabled phishing, spam and organized fraud on this scale causes us sadness and disappointment, but the story does not end here. US Secret Service also believes That these operations can disrupt telecom service and can be used by criminal groups and cartels to send encrypted messages to each other.
SIM farms exposed: 94 locations, 17 countries
a fresh Investigation Infrawatch highlights how SIM farms work, noting that such rentable infrastructure “enables large-scale fraud and abusive automation.”
The SIM Farm network at the center of this investigation consisted of 94 physical locations containing SIM-related hardware in 17 countries. Many SIM farms were located in the US, with examples also found in Europe and South America.
Too: : Lock Your AT&T Account to Prevent SIM Swapping Attacks – Here’s How
A shared control panel connects each farm to the network, which is tuned to Belarussian and Russian-speaking audiences and promoted on Telegram and other online channels. SIM-related services were linked to at least 24 commercial proxy providers and 35 cellular providers. According to the team, some Know Your Customer (KYC) checks were found, suggesting that the network could be accessed by “any buyer.”
Unfortunately, this is not the first time a SIM farm has been discovered, and everything that goes around represents more problems for our privacy and security.
Why are SIM farms a problem?
When SIM farms are operated or accessed by criminals, they are often used for bulk messaging, spam, and phishing. Since each SIM works like a separate device, it can also be used to create accounts for scalping, run malicious proxies, or create bot networks on social media and forums that spread misinformation and propaganda.
Bots are a major issue, but because SIM farms give users access to different geographic areas around the world, it benefits scammers who want a local connection in their phishing attempts – such as US phone numbers to target US citizens.
Also: I’m a tech professional, and an AI job scam almost fooled me — here’s how I got caught
“SIM farms enable a variety of illegal and abusive activities on an industrial scale and are supported by an extensive downstream ecosystem of software, infrastructure and commercial piracy services,” the team says.
In September 2025, the US Secret Service demolished A SIM farm – consisting of over 300 SIM-based servers and over 100,000 SIM card packs – was operating near the United Nations. Law enforcement said this network could have been used for more than phishing, with the potential to cause cellular blackouts, network traffic floods and jammed 911 lines, making it a significant security threat.
Only one month later, Europol endorsed the operation. simcartelWhich led to the closure of a SIM farm linked to more than 1,700 cyber fraud cases in Austria and Latvia.
legal problem
In many countries, SIM farms are legal, and they were once a common way to perform legitimate testing and communications tasks. The device itself is not illegal, but SIM-farm applications and usage are in a legal gray area and can be challenging for regulators to properly handle.
However, times are changing. Recognizing how SIM farms often fuel widespread scams, phishing campaigns and bot-based scalping programs, governments are starting to take action.
Also: How to check if a text message is spam on Android – and the free tool I trust
For example, in the UK the government intends to To ban “Possession and supply” of SIM forms.
“The flood of fraudulent messages and phone calls we have seen from fraudsters is causing emotional distress and financial distress to millions of people.” Said Former British Security Minister Tom Tugendhat. “The new offense will mean criminals will no longer be able to obtain SIM farms and similar technology to commit fraud. This will give police additional tools to disrupt rogue criminals targeting the UK public.”
They will have no control over SIM farms located in other countries, but it is a start.
4 ways to stay safe
- don’t trust anything: SIM farms provide the infrastructure to send large volumes of spam and phishing messages globally. Just because the phone number sending you messages seems local, doesn’t mean it’s not a scam.
- Beware of new scams: Scam artists change their tactics all the time. Gone are the days of claiming that you have won the lottery. Phishing and fraudulent messages often appear to come from trusted sources, such as family, friends, coworkers, or institutions including banks and retailers.
- pay attention to the pattern: Generic salutations, grammatical errors, and shortened URL links are often indicators of a fraudulent message. You should never click on links in text messages; If you are not sure whether the communication is genuine, use another method to verify its contents – such as making a call.
- Urgent is rarely urgent: If you receive a message with “urgent” content, such as a demand for payment, a missed delivery, or even an SMS allegedly from a family member who needs money for medical treatment, remember that fraudsters focus on causing panic in the hope that their victims will make a hasty decision and hand over their data or their cash.
Also: I tested NordVPN’s free scam checker with real phishing emails – here’s how it performed
Another SIM-based threat to be wary of
Fraud, automated spam, and phishing aren’t the only threats to which our cellular connections and mobile devices – no matter how useful they may be – expose us. You should also know about SIM-swapping. One of ZDNET’s own writers, Matthew Miller, was the victim of this attack, which led to his online accounts being compromised and the theft of $25,000, which was withdrawn from his bank account to purchase cryptocurrency.
Also: I’ve been subscribed to a data deletion service a month ago now – I wish I’d known this sooner
SIM swapping occurs when a carrier hands over control of your SIM to a criminal. This happens when a fraudster impersonates you, usually via phone call, and convinces a customer service representative to transfer control of your phone number to them. With enough information and your number, they have a small window to hack your accounts using phone-based 2FA authentication.
Victims will first notice a sudden loss of service, and then any online accounts associated with their number will be at risk.
The key is quick action, combined with a bit of luck and a lot of determination. You’ll need to contact your carrier and retrieve your number, and then follow Miller’s guidance on what to do next if you’re a victim of this deadly attack method.
