The Fraud Codex

Codex/Cyber & Technical Scams/SIM Swap Attack
💻

Cyber & Technical Scams

SIM Swap Attack

Critical Risk

Criminals convince your phone carrier to transfer your number to their SIM card, then intercept 2FA codes to drain bank accounts and crypto wallets.

Reported Losses

$68 million in SIM swap losses (FBI 2021) — likely much higher unreported

Primary Targets

Cryptocurrency holders, high-net-worth individuals, executives, influencers

Last Updated

2026-01-07

Also Known As

SIM Hijacking

How Scammers Contact You

Phone carrier social engineeringBribed carrier employeesPhishing for account PINs

How This Scam Works

SIM swapping bypasses two-factor authentication by stealing your phone number.

**How it works:** 1. Attacker gathers info about you (social media, data breaches, phishing) 2. They call your carrier pretending to be you, claiming lost/stolen phone 3. They convince the carrier to transfer your number to their SIM 4. Your phone loses service; their phone receives your calls and texts 5. They receive all your 2FA codes 6. They reset passwords and drain accounts

**What gets compromised:** - Bank accounts (password reset via SMS) - Cryptocurrency exchanges and wallets - Email accounts - Social media accounts - Any account using SMS 2FA

**How they get carrier access:** - Social engineering customer service - Phishing your carrier account PIN - Bribing carrier employees (documented cases) - Using personal info from data breaches

Red Flags to Watch For

  • ⚠️Phone suddenly shows "No Service" or "Emergency Calls Only"
  • ⚠️Unable to make calls or send texts
  • ⚠️Receive email notifications about password changes you didn't request
  • ⚠️Carrier notifies you of SIM change you didn't make
  • ⚠️Locked out of accounts unexpectedly
  • ⚠️Receive alerts about login attempts you didn't make
  • ⚠️Bank or crypto exchange alerts about withdrawals

📝 Real Victim Account

"I noticed my phone had no service while at dinner. I thought it was a network issue. By the time I got home and connected to WiFi, someone had drained $800,000 in cryptocurrency from my Coinbase account. They SIM swapped my phone, received my 2FA codes, and took everything in under two hours."

Vice Motherboard Investigation, 2023

How to Protect Yourself

  1. 1Set a PIN/passcode with your carrier that's required for any account changes
  2. 2Use authenticator apps (Google Authenticator, Authy) instead of SMS 2FA
  3. 3Use hardware security keys (YubiKey) for critical accounts
  4. 4Enable "Number Lock" or "Port Freeze" with your carrier if available
  5. 5Never share your carrier PIN or account info
  6. 6Use unique email for crypto/financial accounts
  7. 7Consider Google Voice or similar as 2FA number (harder to SIM swap)
  8. 8Limit personal info shared on social media

🆘 What to Do If You're a Victim

  1. 1Contact your carrier IMMEDIATELY to regain control of your number
  2. 2Contact banks and crypto exchanges to freeze accounts
  3. 3Change passwords on all important accounts using a computer (not affected phone)
  4. 4Enable non-SMS 2FA on all accounts
  5. 5File a police report
  6. 6Report to FBI IC3 at ic3.gov
  7. 7Contact credit bureaus to place fraud alerts
  8. 8Document all losses for potential legal action

🔗 Related Scams

AI-Enhanced Phishing

Highly personalized phishing emails written by AI that are more convincing and h...

Bank Impersonation Scam

Scammers pose as your bank's fraud department claiming suspicious activity on yo...

Cryptocurrency Investment Scam

Fake crypto trading platforms, signal groups, and investment opportunities that ...

📚 Sources & References

Think You've Encountered This Scam?

Use our AI-powered scanner to analyze suspicious URLs, emails, or messages.

Scan NowBrowse All Scams