Last month, Europol announced that it had arrested seven individuals who were allegedly perpetrators in a SIM Swap scam operation. In what was described as a Cybercrime-as-a-Service operation, enforcement agencies took down five servers and seized 1,200 SIM box devices and 40,000 active SIM cards.
Thousands of SIM cards were acquired in around 80 countries worldwide to be rented to other criminal organisations.
Investigators from Austria, Estonia, and Latvia, together with Europol and Eurojust, linked the criminal network to more than 1,700 individual cyber-fraud cases in Austria and 1,500 in Latvia, resulting in total losses of millions of euros. The loss in Austria was estimated at €4.5 million.
Authorities stated they were still uncovering the scale of the criminal operation, while estimating that over 49 million online accounts were created to enable illicit activities by the perpetrators.
The crooks used various methods, such as phishing, to gain access to targets’ email and banking accounts. Once on the hook, a victim would be fleeced of funds, subjected to extortion, and more.
SIM Swap scams have also frequently been used in crypto theft.
CI recently connected with the CEO of Kidas, Ron Kerbs, an expert on the subject. Kidas is a firm that provides scam protection, including protection against deepfakes, email protection, and more. Our discussion about the European SIM Swap fraud enforcement action is shared below.
Why did it take Europol so long to shut down this SIM Swap criminal activity?
Ron Kerbs: It took so long because this was a Cybercrime-as-a-Service operation. They weren’t just running a few scams; they provided the underlying SIM-box infrastructure (farms) used by thousands of other criminals globally to create 49 million fake accounts.
Dismantling this required immense, coordinated investigative work across over 80 jurisdictions to trace the service platform back to the operators. The delay reflects the sophistication and global scale of the criminal enterprise, not an operational failure by law enforcement.
Was crypto involved in the fraud committed? If yes, how much, how, etc.?
Ron Kerbs: Yes, cryptocurrency was definitely involved. It’s been reported that the operation seized and froze approximately €266,000 to over €333,000 worth of cryptocurrency from the suspects’ accounts, alongside bank funds and other assets.
The decentralized, high-value nature of digital assets is an extremely attractive target for SIM-swap crimes. The network’s services, which created fake accounts and facilitated various scams, directly enabled crypto theft and fraud. The primary mechanism was SIM swapping, which bypasses the most common form of two-factor authentication (SMS-based 2FA) used by many exchanges and digital wallets. Once criminals hijacked a victim’s phone number, they could:
- Initiate password resets for email and crypto exchange accounts.
- Receive the one-time passwords (OTPs) via SMS for login verification.
- Gain full control of the victim’s exchange account or digital wallet, and then drain the crypto assets, which are difficult to trace and reverse.
Should mobile providers shoulder some of the blame or liability for enabling SIM Swap fraud?
Ron Kerbs: Yes, the onus is on mobile providers to implement stronger, multi-layered identity verification protocols that go beyond basic PII before approving any SIM or number transfer. SIM swap fraud is fundamentally a social engineering attack targeting the weak security protocols of mobile carriers.
The attack is successful when a criminal, impersonating the victim, can convince a carrier representative, often through easily-obtained personal data, to transfer a phone number to a new SIM card. This points to two systemic failures on the carrier side:
- Inadequate Verification Protocols: Current identity verification processes are often too reliant on static, publicly available information, think name, address, or last four digits of a social security number.
- Insider Threats: In some high-profile cases, the SIM swap is facilitated by corrupt employees within the carrier or its retail partners, proving a critical lapse in internal security controls.
Do financial services firms need to up their game in countering this type of fraud?
Ron Kerbs: A decisive yes. While SIM swapping begins at the carrier, the resulting financial damage highlights critical vulnerabilities in financial services firms, especially those in fintech, digital assets, and real-time payments.
Firms need to evolve their fraud prevention systems beyond reliance on traditional mobile communication:
- Move Beyond SMS 2FA: This is the single biggest vulnerability enabling SIM swap fraud. Financial services must migrate to stronger authentication methods like FIDO-compliant security keys, biometric authentication, or dedicated authenticator apps.
- Real-Time Behavioral Monitoring: Solutions should employ real-time AI/ML analysis to flag anomalous user behavior such as a sudden, high-value transaction immediately following a device change or a password reset.
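The kind of check described in the answer above, as an added example that is not part of the interview and not Kidas's or any vendor's code: a simple rule-based stand-in for the AI/ML analysis mentioned, flagging a high-value transaction that follows a device change or password reset within a look-back window. The event field names, the 24-hour window and the 1,000 threshold are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Event types that lower trust in an account for a while (assumed names).
RISK_EVENTS = {"device_change", "password_reset"}

def flag_risky_transactions(events, window=timedelta(hours=24), high_value=1000.0):
    """Return (transaction, triggers) pairs for high-value transactions that
    follow a device change or password reset within `window`."""
    recent = {}   # user -> list of (time, type) risk events seen so far
    flagged = []
    for ev in sorted(events, key=lambda e: e["time"]):
        user = ev["user"]
        if ev["type"] in RISK_EVENTS:
            recent.setdefault(user, []).append((ev["time"], ev["type"]))
        elif ev["type"] == "transaction" and ev["amount"] >= high_value:
            # Keep only the risk events still inside the look-back window.
            live = [(t, k) for t, k in recent.get(user, []) if ev["time"] - t <= window]
            recent[user] = live
            if live:
                flagged.append((ev, sorted({k for _, k in live})))
    return flagged

def _t(s):
    return datetime.fromisoformat(s)

# Constructed sample events, not real data.
SAMPLE_EVENTS = [
    {"user": "alice", "type": "transaction", "amount": 2500.0, "time": _t("2025-01-10T09:00:00")},
    {"user": "alice", "type": "password_reset", "time": _t("2025-01-12T02:10:00")},
    {"user": "alice", "type": "device_change", "time": _t("2025-01-12T02:14:00")},
    {"user": "alice", "type": "transaction", "amount": 40.0, "time": _t("2025-01-12T02:20:00")},
    {"user": "alice", "type": "transaction", "amount": 9800.0, "time": _t("2025-01-12T02:31:00")},
    {"user": "bob", "type": "device_change", "time": _t("2025-01-01T08:00:00")},
    {"user": "bob", "type": "transaction", "amount": 5000.0, "time": _t("2025-01-05T08:00:00")},
]

if __name__ == "__main__":
    for tx, triggers in flag_risky_transactions(SAMPLE_EVENTS):
        print(tx["user"], tx["amount"], tx["time"].isoformat(), "after", ", ".join(triggers))
```

Alice's earlier large payment and Bob's payment four days after a device change pass; only the transfer made minutes after the reset and device change is held for review.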
Beyond “don’t click suspicious links,” what are your top recommendations for SIM Swap targets?
Ron Kerbs: While not clicking suspicious links is foundational, my top recommendations are proactive, systemic defenses:
- Ditch SMS 2FA: Disable SMS-based Two-Factor Authentication (2FA) for all sensitive accounts (email, banking, crypto). Instead, use a hardware security key (e.g., YubiKey) or a Time-based One-Time Password (TOTP) authenticator app like Google Authenticator or Authy.
- Add a Carrier PIN/Passcode: Contact your mobile provider and request an Account PIN, Passcode, or “Port-Out Protection.” This is a unique, strong password you create that must be provided to an employee before any account changes, including a SIM transfer.
- Use a Non-Mobile Recovery Email: Ensure your primary email used for financial/crypto accounts does not have your mobile phone number as its main recovery method. Use a separate, dedicated, and highly secured email address instead.
Who should victims contact if they experience this kind of theft?
Ron Kerbs: Immediate, simultaneous action is key to mitigating damage:
- Mobile Carrier (FIRST): Immediately call your carrier from a different phone (landline or friend’s phone) and report an unauthorized SIM change/hijacking. Demand they immediately deactivate the fraudulent SIM and restore service to your original SIM or device.
- Financial Institutions/Exchanges: Notify all affected banks, digital wallet providers, and cryptocurrency exchanges to freeze or flag your accounts for unauthorized activity.
- Law Enforcement: File a report with your local police for identity theft and fraud. In the US, victims should also file a report with the FBI’s Internet Crime Complaint Center (IC3), as this provides national visibility into the organized nature of the crime.
