What Is SIM Swap Fraud?

SIM swap fraud — also called SIM hijacking or port-out scam — is an attack where a criminal convinces your mobile carrier to transfer your phone number to a SIM card they control. Once they have your number, they can intercept SMS-based verification codes, effectively breaking into any account that uses your phone number for two-factor authentication (2FA).

The consequences can be severe: bank accounts drained, email accounts compromised, cryptocurrency stolen, and social media accounts taken over — all within hours of the number being transferred.

How Does a SIM Swap Attack Work?

  1. Information gathering: The attacker collects personal data about you — name, address, date of birth, last four digits of your SSN — often through data breaches, phishing, or social media research.
  2. Contacting your carrier: They call your carrier's customer service (or visit a store) and impersonate you, claiming they've lost their phone or need to switch to a new SIM.
  3. Passing verification: Using your stolen personal information, they answer the carrier's security questions and convince the representative to port your number.
  4. The takeover begins: Your phone loses signal. The attacker now receives all your calls and texts — including 2FA codes — and begins accessing your accounts.

Warning Signs You May Be a Victim

  • Your phone suddenly loses all network service (no calls, no texts, no data)
  • You receive unexpected notifications about account changes you didn't make
  • You can no longer log into email, banking, or other accounts
  • You receive a text from your carrier confirming a SIM change you didn't request

If this happens, act immediately: Contact your carrier by any means available (Wi-Fi calling, a different phone, in-store) and alert your bank and any other critical services.

How to Protect Yourself: 7 Concrete Steps

1. Set a SIM Lock / Port Freeze with Your Carrier

Most major carriers allow you to add a SIM lock or port-out PIN to your account. This requires anyone requesting a number transfer or SIM change to enter a specific PIN that only you know. Call your carrier and ask specifically for this feature — it's the single most effective defense.

2. Use a Strong Account PIN and Password

Ensure your carrier account has a strong, unique PIN or password. Avoid obvious choices like your birthday or the last four digits of your SSN — which are exactly what attackers use.

3. Switch Away from SMS-Based 2FA for Critical Accounts

SMS codes are the primary target of SIM swap attacks. Wherever possible, use an authenticator app (such as Google Authenticator or Authy) or a hardware security key instead. These are not linked to your phone number and cannot be intercepted via SIM swap.

4. Limit the Personal Information You Share Online

Attackers often use details found on social media to answer security questions. Avoid posting your full birthdate, hometown, mother's maiden name, or other information commonly used for identity verification.

5. Set Up a Carrier Notification Alert

Enable account alerts with your carrier so you receive email or app notifications whenever account changes are made, including SIM changes.

6. Use a Google Voice or Similar Number for 2FA

Some security-conscious users register a secondary number (like Google Voice) for 2FA on critical accounts, keeping their primary mobile number entirely separate from authentication flows.

7. Monitor Your Credit and Identity

SIM swaps are often part of a broader identity theft effort. Regularly monitor your credit reports and consider placing a credit freeze if you believe your personal data has been compromised.

What Carriers Are Doing to Help

Regulatory pressure has pushed major carriers to improve their verification processes. Requirements now include stricter authentication before processing SIM changes, cooling-off periods after account PIN changes, and mandatory notifications when a SIM transfer is requested. However, social engineering remains a persistent vulnerability — human error on the carrier side is the most common failure point.

Key Takeaways

  • SIM swap fraud exploits carrier customer service processes, not your device itself.
  • A SIM lock / port freeze with your carrier is the most direct protection.
  • Replace SMS-based 2FA with authenticator apps or hardware keys wherever possible.
  • Act immediately if your phone loses service unexpectedly — time is critical.