Start a creep with this: who helps scammers get anonymous numbers
SIM cards are becoming an important and scarce tool for committing cybercrimes — the criminal world does not give up trying by any means to expand its pool of numbers to create fake accounts. At the same time, the government has dealt a significant blow to the infrastructure of the shadow business by criminalizing the transfer of subscriber numbers to third parties. The remaining loophole — obtaining cards using fake powers of attorney from the management of companies — is under the close attention of mobile operators and the police. Details can be found in the Izvestia article.
Trusted person
Moscow investigators have brought to justice the first defendant under the new Criminal Code of the Russian Federation on the organization of activities for the transfer of subscriber numbers in violation of the law. The person involved in the case was a resident of the Moscow region.
"It was previously established that a resident of the city of Khimki received an offer from his friend to earn money. It was required to visit the offices of telecom operators and, on the basis of forged powers of attorney on behalf of various legal entities, conclude contracts for the provision of communication services. The attacker also received instructions on how to act if office staff refused to issue SIM cards," the official message on the ministry's Telegram channel says.
The police clarified that he transferred the received SIM cards to the management of third parties. For each successfully executed contract, the guy received a reward of 9 thousand rubles.
Now it's illegal
On September 1, 2025, Article 274.4 of the Criminal Code of the Russian Federation entered into force — "Organization of activities for the transfer of subscriber numbers in violation of the requirements of the legislation of the Russian Federation," Igor Bederov, director of the Internet Search company, recalled.
— This composition is aimed at combating the so-called drops. The article prohibits the organization of activities for the transfer of SIM cards allocated on the basis of contracts with telecom operators to third parties if this act was committed out of self-interest or for the purpose of committing another crime. According to Part 1 of Article 274.4, the perpetrators face punishment in the form of a fine of up to 300 thousand rubles or imprisonment for up to two years. At the same time, the organization of such activities is punishable more severely by a fine of up to 700 thousand rubles or imprisonment for up to three years.
"The drops visit the offices of telecom operators and conclude contracts based on forged powers of attorney on behalf of various legal entities," explains Bederov.
The fact that the person involved has instructions in case of refusal to issue SIM cards indicates careful preparation on the part of the organizers, the expert notes.
A valuable asset
"Crime has been going digital for a long time, but it still depends on basic, tangible infrastructure elements: SIM cards, servers," says Bederov.
The expert emphasizes that restricting criminal access to these elements, as well as to accounts in various services and social networks, is the right tactic. The appearance of Article 274.4 of the Criminal Code of the Russian Federation is a natural and long overdue response to the large—scale epidemic of telecom fraud, he believes.
— The first results of the application of the law are shocking: cases of registration of over 1 million subscriber numbers for 56 people have been identified; the equipment used to commit up to 20 million fraudulent attacks per day has been seized. Moreover, the news about the blocking of 160,000 numbers by the Russian Interior Ministry, whose owners leased accounts to intruders acting in the interests of Ukrainian call centers, confirms that we are talking about combating deep infrastructure for committing serious crimes, from fraud to recruitment [of saboteurs and terrorists].
The official representative of the Ministry of Internal Affairs of Russia, Irina Volk, announced the blocking of 160 thousand numbers handed over by their actual owners the day before. Rented accounts are actively used by intruders, including the organizers of Ukrainian call centers created for multi-vector attacks on Russian citizens.
Paper argument
A law enforcement source said that criminals make duplicate SIM cards of corporate numbers, as well as use fake passports and power of attorney from company officials.
"Most of the time, the company itself has no idea that hundreds or even thousands of rooms have been registered for their company," the Izvestia source explained. — The room itself can "live" for several days or weeks. After contacting law enforcement agencies, it is blocked by operators.
Large telecom operators have significant capabilities to counteract such schemes.
—Operators can analyze data in real time to identify anomalies: mass connections from one person, the use of the same type of template data, connections followed by immediate activity in call centers," a police source explained to Izvestia. — In order to make the scheme with forged powers of attorney impossible, centralized verification of legal entities' documents is necessary in close to real time, using interdepartmental electronic interaction (for example, with the Federal Tax Service and others).
A simple visual check of a paper document in the office has outlived itself, says a police officer.
How anonymity works
The main purpose for which the "SIM card" is issued to a fake person is to call and write messages anonymously. After receiving and activating the SIM card, the attackers create fake accounts on social networks and messengers. And with the help of a SIM card obtained, for example, from a child, fraudsters may try to gain access to financial information or apply for loans.
It is worth noting that Russian and Ukrainian criminals were not the first to use such fraudulent schemes. For example, in the United States in 2021, a criminal group was uncovered that used sim drops for multiple attacks on bank accounts. The attackers logged into mobile banking applications and transferred funds into cryptocurrency. In 2019, in South Korea, the authorities were forced to strengthen control over the sale of SIM cards after analyzing the theft through fake accounts.
Переведено сервисом «Яндекс Переводчик»
