China’s crime syndicates have reportedly been using “SIM card farms” to send a large volume of fraudulent text messages, resulting in Americans losing over $1 billion.
According to a report by The Wall Street Journal on Wednesday, “SIM card farms” refer to a series of rooms filled with network equipment where servers are loaded with SIM cards that mobile phone users insert into new phones for making calls or sending texts.
Before the United Nations General Assembly meeting in September, the U.S. Secret Service discovered over 300 SIM card servers and 100,000 SIM cards in New York, linking these activities to Beijing. It is the first time the “SIM farm” has entered the public eye.
The report states that Chinese crime syndicates have been using “SIM card farms” to send a large number of false messages to Americans, including fake notifications about overdue tolls and postage fees, all part of a black market connecting foreign criminal networks with server farms. Over the past three years alone, these scams have led Americans to lose more than $1 billion.
Common fraudulent messages include alerts about expired E-ZPass tolls, unpaid postal fees, tax payments to the IRS, and outstanding traffic violation fines in New York City.
According to data from Proofpoint, a company that filters mobile spam messages, reports of E-ZPass toll fraud messages reached a record high of 330,000 in a single day in September. The average monthly quantity of toll fraud messages is about 3.5 times higher compared to January 2024.
Unit 221b, a cybersecurity company that has investigated text fraud cases, found SIM card farms in shared office spaces, drug dens, and auto repair shops. Their Chief Intelligence Officer, Ben Coon, revealed that at least 38 farms are operating across the U.S., with over 200 SIM boxes in cities including Houston, Los Angeles, Phoenix, and Miami.
Adam Parks, Assistant Director of the U.S. Department of Homeland Security Investigations, told The Wall Street Journal that a single person using a “SIM card farm” can send the equivalent of messages to 1,000 phone numbers.
Parks explained that Chinese crime groups typically operate “SIM card farms” remotely while hiring individuals within the U.S. to collaborate on criminal activities. These groups recruit via Chinese social media platform WeChat, providing manuals and real-time technical support.
Criminals use encrypted messaging app Telegram to find individuals to make card transactions in the U.S., hiring about 400 to 500 ‘money mules’ per day.
These recruited individuals receive around $0.12 in return for each $100 gift card purchase, which they use when shopping in-store by tapping their phone on a POS machine as if using their own credit card. They often buy gift cards, use them to purchase goods, and then ship those goods to China.
Fraudsters employ remote tap-to-pay software to create what Parks describes as a “bridge” between a Chinese and American phone, using a technique known as “ghost tapping.”
Edward Driehuis, an Australian cybersecurity strategist, detailed such “ghost tapping” in an interview with ABC. The process involves criminals obtaining victims’ credit card information through text or fake websites, then acquiring a one-time bank password during a payment verification process to replicate a virtual card.
Subsequently, criminal organizations recruit collaborators to physically visit various stores and use Near Field Communication (NFC) technology on their phones to steal credit card information directly from a card reader.
NFC is a short-range wireless communication technology allowing devices to exchange data within 10 centimeters.
Investigators found that criminals often add stolen card numbers to Google and Apple e-wallets located in Asia.
Ford Merrill, a researcher at threat intelligence company SecAlliance, mentioned that criminals add these cards to digital wallets to bypass users’ multiple-factor authentication, essentially informing banks to trust the device.
To protect against such scams, Driehuis advises the public not to click on links in text messages or fake websites. In case of accidental clicks, promptly secure your Google and Apple e-wallets.