A single person operating from Barcelona has created a sophisticated scam operation leveraging advanced technology valued at 400,000 euros. This individual managed an infrastructure capable of sending up to 2.5 million fraudulent messages daily, highlighting the expansive reach of SIM card farms that have become a tool for criminal groups targeting millions of unsuspecting users worldwide.
What Are SIM Card Farms and How Do They Operate?
SIM card farms are large-scale industrial systems designed to manipulate thousands of SIM cards at once. Central to this system are SIMBOX devices that accommodate hundreds of professional GSM modems. Each modem acts like an independent mobile device, dispatching between 12 and 18 messages per minute. In a recent case dismantled by the Civil Guard, the operator utilized 35 SIMBOX units equipped with 865 active modems, leading to millions of fraudulent calls and messages sent to carefully chosen victims.
The Criminal Business Model
The Civil Guard indicates that these infrastructures have emerged recently due to a government order blocking calls from foreign IP addresses to Spanish numbers, aimed at curbing spam and fraud. Consequently, international criminals have turned to local contacts in Spain, leveraging their technological expertise and understanding of social structures to provide operational local numbers. This innovative approach has given rise to a profitable criminal niche.
How the Scam Works
The operator of this sophisticated scam did not engage directly in fraudulent activities. Instead, they focused on developing and maintaining the infrastructure and rented the services to various cybercriminal networks worldwide, receiving payments in cryptocurrencies. Operating from what appeared to be a call center in a Barcelona café helped legitimise the massive registration of telephone lines. The SIM cards—over 60,000 pre-activated and another 10,000 ready for use—were purchased from various providers and registered under false identities.
Constant Rotation and Automation
The scam operation employed a method of constant number rotation. Sending numbers changed frequently, remaining active for only a short duration to avoid detection by telecommunications companies and authorities. When fraudulent activities were identified, the operators had already switched to new numbers. For specific operations, the mastermind also possessed a portable SIMBOX that enabled remote operation from various locations, including moving vehicles, by utilizing a Wi-Fi connection.
Moreover, these broadcasts were not random. The criminal groups that rented this infrastructure conducted thorough research into their potential victims’ profiles, targeting specific demographics. For instance, they primarily aimed their scams at Russian and Ukrainian nationals residing in Spain, luring them with messages impersonating the National Police or Bank of Spain officials. This targeted approach resulted in significant financial losses; one victim reportedly lost 170,000 euros.
Dismantling the Network
The Civil Guard identified this operation following multiple complaints from victims in Aspe and Novelda (Alicante). Authorities traced the fraudulent activity back to the Barcelona café, which was put under surveillance. Investigations led them to a suspect who frequently left the café carrying large boxes, prompting searches at his residence, the café, and a storage unit, ultimately uncovering the entire criminal operation’s infrastructure.
Consequences and Future Implications
The arrested individual, a 41-year-old Ukrainian computer scientist, was initially released on precautionary measures but was rearrested while attempting to flee the country. According to the Civil Guard, this operation represents the third such SIM card farm dismantled globally, the second in Europe, and the first in Spain. The investigation is ongoing, with estimates suggesting that the monetary losses incurred due to this scam could reach millions of euros.
The threat posed by these mobile farms is a stark reminder of the evolving tactics used by cybercriminals. As technology continues to advance, so too does the need for robust security measures and awareness among the public to safeguard against such scams.

