SIM Swap Attacks: How to Protect Yourself

Your phone number has become one of the most valuable keys to your digital life — and criminals know it. SIM swap fraud, also known as SIM hijacking or port-out fraud, is a fast-growing identity theft scheme in which an attacker seizes control of your mobile phone number to bypass the very security measures designed to protect you. <cite index="4-8,4-9,4-10">In 2024, the FBI reported that victims lost almost $26 million to SIM swapping scams — and with only 982 reports filed, the average victim lost more than $26,400.</cite> These are not random, low-stakes crimes. They are surgical strikes against your financial accounts, crypto wallets, and digital identity.

What Is a SIM Swap Attack and How Does It Work

<cite index="9-7,9-8">SIM swap fraud occurs when a fraudster convinces a mobile carrier to transfer a victim's phone number to a SIM card they control. Once the swap is complete, the victim's phone loses network connectivity, and the fraudster receives all calls and texts — including one-time passwords for account access.</cite> The attack requires surprisingly little technical skill. <cite index="11-16,11-17,11-18">SIM swapping requires no coding ability, relying instead on the fraudster's ability to manipulate carrier employees into transferring a victim's phone number. Using basic personal information retrieved from public sources or data leaks, fraudsters can execute attacks with just a phone call or store visit. The only tools required are inexpensive prepaid SIM cards or burner phones.</cite> Criminals typically source a victim's personal details — name, address, date of birth, Social Security number — from prior data breaches, phishing campaigns, or social media. <cite index="11-20,11-21">Once fraudsters collect personal information about their target, they contact the victim's mobile carrier, posing as the account holder. Because mobile carriers typically verify identity using security questions, PINs, or personal details, fraudsters may be able to bypass these checks entirely.</cite> With the number under their control, <cite index="11-22">fraudsters can then intercept codes to reset passwords for email, banking, or cryptocurrency accounts, use password reset features that rely on phone number verification, and — most damagingly — transfer funds, make unauthorized purchases, or sell account access on the Dark Web.</cite> The rise of eSIM technology has made the threat even more acute: <cite index="3-24,3-25">carriers now let users activate numbers via QR codes, which has slashed the attack cycle from hours to under five minutes, according to incident analyses from Q1 2025.</cite>

The Scale of the Threat: By the Numbers

The data tells a story of rapid, global escalation. <cite index="2-14,2-15">The FBI's 2024 IC3 report cited 982 complaints that led to nearly $26 million in losses — a figure that builds on $72 million reported in 2022 and $68 million in 2021.</cite> Internationally, the picture is even more alarming. <cite index="2-7">The UK's fraud prevention service, Cifas, reported a 1,055% increase in unauthorized SIM swaps, with nearly 3,000 cases filed in 2024 compared to just 289 the year before.</cite> <cite index="13-16,13-17">Account takeovers (where an attacker seizes control of an existing account) jumped 76%, and 48% of all account takeovers in 2024 involved mobile phone accounts — signaling a clear tactical shift by criminal organizations toward weaponizing phone numbers as the entry point for broader fraud schemes.</cite> The human cost of individual attacks can be devastating. <cite index="11-4">In one documented case, a bank customer lost $38,000 after a fraudster deceived a mobile carrier into transferring the customer's phone number, then intercepted authentication codes to drain his bank account.</cite> <cite index="9-9">SIM swap fraud is particularly appealing to fraudsters due to its scalability, the lack of need for technical expertise, and the potential for massive payouts from a single attack, especially when targeting high-net-worth individuals or cryptocurrency investors.</cite>

Warning Signs to Watch For

Speed is everything when a SIM swap occurs. Recognizing the early indicators can be the difference between a minor disruption and a catastrophic loss. The most immediate red flag is a sudden, unexplained loss of mobile service. <cite index="18-23,18-24">Getting errors when trying to send texts or make calls can mean fraudsters have transferred your number to another SIM card, and a sudden loss of signal and access to calling is another clear indication that your mobile service has been transferred.</cite> <cite index="18-25">Your phone provider may also notify you by email that your SIM card or phone number has been activated on another device.</cite> Beyond your phone itself, watch for downstream account disruptions. <cite index="18-26">If your login credentials no longer work for online accounts like your bank and credit card accounts, it could mean they have been changed by someone else who has gained access, possibly through SIM swapping.</cite> You may also receive unexpected password-reset emails or authentication texts you did not initiate — a sign someone is actively using your number to break into your accounts. Do not dismiss these alerts as glitches. Treat any unexplained loss of cellular service as a security emergency until proven otherwise.

How to Protect Yourself from SIM Swap Fraud

Defending against SIM swap attacks requires action at multiple levels: your carrier, your accounts, and your authentication habits.

**Lock your number at the carrier level.** <cite index="8-9,8-10">Major U.S. carriers like Verizon (Number Lock), AT&T (Extra Security), and T-Mobile (SIM Protection) offer free account locks. Enable these, and any swap requires in-person verification or a special PIN.</cite> Contact your carrier today and ask specifically about their SIM lock or port freeze options.

**Abandon SMS-based two-factor authentication.** <cite index="15-17,15-18">The main reason SIM swap scams are so harmful is their implications for multi-factor authentication. SIM swapping and port-out scams are particularly dangerous because they give attackers access to the phone number used for SMS-based MFA.</cite> Switch to an authenticator app (such as Google Authenticator or Authy) or a hardware security key for all critical accounts — especially banking, email, and cryptocurrency. These methods cannot be hijacked through a SIM swap.

**Minimize your personal data exposure.** <cite index="4-6,4-7">A scammer can use personal information from a data breach or information you have provided on social media to execute a SIM swap.</cite> Audit your social media profiles and remove or restrict details like your birthday, phone number, home address, and the name of your mobile carrier. This reduces the raw material criminals need to impersonate you.

**Set a unique carrier PIN or password.** Most carriers allow you to add a separate PIN or passcode to your account that must be provided before any changes — including a SIM swap — can be made. Choose a PIN that is not derived from publicly available information like the last four digits of your Social Security number or your birth year.

**Monitor your accounts proactively.** Sign up for real-time alerts on all financial and email accounts. The faster you detect unauthorized activity, the faster you can contain the damage.

What to Do If You Are Targeted

If you suspect a SIM swap is already underway, act immediately across several fronts simultaneously.

**Contact your carrier first.** Call your mobile provider's fraud line — or visit a physical store if you have no service — and report the unauthorized SIM change. Ask them to reverse the swap, lock your account, and document when the port occurred and what SIM card information was used.

**Secure your financial accounts.** <cite index="10-7">Call your financial institutions to place an alert on your accounts for suspicious login attempts.</cite> Ask your bank to temporarily freeze transactions and change all passwords from a secure device not linked to your phone number.

**Regain access to email immediately.** <cite index="10-5,10-6">Attempt to access your online accounts as soon as possible from a secure location and change your passwords — email accounts are normally targeted first.</cite> Transitioning away from SMS-based recovery options on these accounts should be your priority once you regain access.

**Report to federal authorities.** <cite index="10-14,10-15">Report the incident to the FBI or your local police department. Potential victims or anyone observing activity related to SIM swapping attacks can report it to the FBI at tips.fbi.gov.</cite> You should also file a complaint with the FTC at ReportFraud.ftc.gov and contact the FCC if you believe your carrier failed in its duty to protect your account.

**Monitor your credit.** <cite index="18-9,18-10">Regularly check your credit in the coming months to see if scammers tried to open accounts in your name. Dispute any fraud you find with the credit bureaus, and consider setting up credit monitoring for automatic alerts.</cite>

SIM swap attacks are industrialized, high-margin crimes powered by data breaches, weak carrier authentication, and our collective over-reliance on SMS security codes. <cite index="3-29,3-30">SIM swap attacks aren't rising by accident — it is an industrialized crime wave fuelled by data oversharing, outdated SMS authentication, and call-centre vulnerabilities. Break any link in that chain — stronger identity checks, phishing-resistant authentication, carrier number locks — and you starve attackers of their access.</cite> The protections are largely free, available right now, and take minutes to set up. There is no reason to wait.