SIM Swap Fraud — How Criminals Hijack Your Phone Number
One morning your phone stops working. No calls, no texts, no signal. Meanwhile, a criminal is using your phone number to drain your bank account. This is SIM swap fraud.
Barbara is 68 years old and lives in Ohio. On a Tuesday morning at 9:15, her phone suddenly stopped working. No signal. No calls. No texts. She assumed it was a network problem and went about her day.
By 9:45 that same morning, someone had drained $12,000 from her bank account. A criminal had taken over her phone number, intercepted her bank security codes, and transferred her money in under thirty minutes.
Barbara was the victim of a SIM swap scam. And it is one of the fastest-growing types of fraud in the United States and the United Kingdom today.
What Is SIM Swap Fraud?
Let us start with the basics. Your phone has a tiny chip inside it called a SIM card. That little chip is what connects your phone number to your actual device. When someone calls or texts you, the network uses your SIM card to route everything to your phone.
In a SIM swap fraud, a criminal convinces your phone carrier (like AT&T, Verizon, T-Mobile, EE, or Vodafone) to transfer your phone number to a brand new SIM card that the criminal controls. Once the transfer goes through, your phone goes dead and theirs lights up with your number.
Think of it like this: imagine someone walked into the post office, pretended to be you, and redirected all your mail to their address. That is essentially what happens, but with your phone number instead of your letters.
The scary part? The criminal does not need to physically steal your phone. They do not need to be anywhere near you. It can all happen over a phone call or even online.
How a SIM Swap Attack Works, Step by Step
Understanding how the scam works makes it much easier to protect yourself. Here is what typically happens:
Step 1: The Criminal Gathers Your Personal Information
Before calling your phone carrier, the scammer needs to know enough about you to pass security questions. They collect information from several places:
- Social media profiles. Your birthday, hometown, maiden name, pet names, and family members are often public on Facebook and Instagram.
- Data breaches. Billions of personal records have been leaked in data breaches over the years. Your name, address, date of birth, and even old passwords may already be floating around the internet.
- Phishing emails and texts. They might send you a fake email pretending to be from your bank or phone carrier, asking you to "verify" your account details. If you want to learn more about spotting these, read our guide on phone scams targeting seniors.
Step 2: They Call Your Phone Carrier
Armed with your personal details, the criminal calls your mobile carrier. They pretend to be you. They might say they lost their phone, it was stolen, or it got damaged. They ask for the number to be transferred to a new SIM card.
Some scammers are incredibly convincing. They know your full name, address, date of birth, and the last four digits of your Social Security number. They answer the security questions correctly because they already have your information.
In some cases, criminals even bribe or trick employees at phone shops to make the swap.
Step 3: Your Phone Goes Dead
The moment the transfer goes through, your phone loses all service. No signal bars. No ability to make or receive calls. No text messages. You are completely cut off.
Most people assume it is a temporary network outage. That delay in realizing what happened gives the criminal precious time.
Step 4: The Criminal Takes Over Your Accounts
Here is where the real damage begins. With your phone number now on their device, the criminal receives all your calls and text messages, including those all-important security codes.
They go to your bank website and click "forgot password." The bank sends a verification code by text. The code goes straight to the criminal. They reset your password, log in, and start transferring your money.
They can do the same with your email, social media, and any other account that uses text message verification. This is why relying only on SMS for two-factor authentication can be risky.
Why SIM Swap Fraud Is So Dangerous
This type of fraud is particularly harmful for several reasons:
It happens fast. From the moment your phone goes dead, a skilled criminal can empty accounts in minutes. Barbara lost $12,000 in half an hour.
It bypasses your security codes. Many banks and online services send a text message code to verify your identity. If a criminal controls your number, they control those codes.
It can be hard to detect immediately. Most of us do not panic the instant our phone loses signal. We wait, restart the phone, maybe try again in a few minutes. Every minute of delay is time the criminal is using.
The damage goes beyond money. Criminals can access your email, your medical records, your social media, and even your online banking. They can lock you out of your own accounts and use your identity for further crimes.
According to the FBI, SIM swap scams cost Americans over $68 million in a single recent year, and those are just the reported cases.
Warning Signs Your Number Has Been Swapped
Pay attention to these red flags. If any of them happen, act immediately:
- Your phone suddenly has no signal. Not just for a moment, but for an extended period. Restarting does not fix it.
- You receive an unexpected text about a SIM change. Some carriers send a confirmation message before the swap completes. If you get one you did not request, call your carrier immediately.
- You receive login alerts you did not trigger. Emails saying "your password was changed" or "new login from an unknown device" when you did not do anything.
- Calls and texts stop arriving. Friends or family members tell you they tried to reach you but could not get through.
- You are locked out of accounts. Your bank login, email, or social media passwords no longer work.
If even one of these happens unexpectedly, do not wait. Take action right away.
6 Ways to Protect Yourself From SIM Swap Fraud
The good news is that you can make yourself a much harder target. Here are six practical steps:
1. Set a PIN or Passcode on Your Carrier Account
Call your mobile carrier and ask them to add a PIN or passcode to your account. This means anyone who calls pretending to be you will need to provide that PIN before any changes can be made.
- AT&T calls it a "passcode"
- Verizon calls it an "account PIN"
- T-Mobile calls it a "customer care password"
- In the UK, ask your provider about their "porting protection" options
This is the single most important thing you can do. Write the PIN down and keep it somewhere safe, like with your other important papers.
2. Use an Authenticator App Instead of SMS
Instead of receiving security codes by text message, switch to an authenticator app like Google Authenticator or Microsoft Authenticator. These apps generate codes directly on your phone. Even if someone steals your number, they will not get these codes.
Your bank or email provider usually has an option to change from text message codes to app-based codes in the security settings. A good password manager can help you keep track of all your accounts as you update them.
3. Keep Personal Information Off Social Media
Scammers use social media to research their targets. Be careful about sharing:
- Your full date of birth
- Your maiden name or mother's maiden name
- Your pet's name (a common security question answer)
- Your home address
- Details about your daily routine
You do not need to stop using social media entirely. Just be thoughtful about what you make public.
4. Be Cautious of Phishing Emails and Texts
Never click links in unexpected emails or texts that ask for personal information. Your phone carrier, bank, and government agencies will never ask you to verify your details through an email link.
If you receive a suspicious message, do not reply. Instead, call the company directly using the number on their official website or on your latest bill. Our guide on how to spot scam emails covers this in detail.
5. Ask Your Carrier About a SIM Lock
Many carriers now offer the option to lock your SIM card or add a "port freeze" to your account. This prevents anyone from transferring your number without going through extra verification steps, often requiring you to visit a store in person with a photo ID.
Call your carrier and ask: "What protections do you offer against SIM swap fraud?" They will walk you through the options available.
6. Monitor Your Accounts for Unusual Activity
Check your bank accounts and credit card statements regularly. Set up email or app notifications for transactions so you are alerted immediately if something looks wrong.
Consider signing up for an identity theft protection service that monitors your personal information and alerts you if it appears in data breaches or is being used fraudulently.
What to Do If You Think It Has Happened
If you suspect you are the victim of a SIM swap, speed is everything. Follow these steps immediately:
1. Call your mobile carrier right away. Use a different phone, a family member's phone, or a landline. Tell them you believe your number has been swapped without your permission. Ask them to reverse it and lock your account.
2. Change your passwords. Starting with your email and bank accounts, change every password you can. Use a different device, like a computer, since your phone may be compromised. Make sure to create strong, unique passwords for each account.
3. Contact your bank. Call your bank immediately and explain what happened. Ask them to freeze your accounts temporarily while the situation is investigated. Banks have fraud departments that handle these cases every day.
4. File a police report. Even if it feels like the police cannot do much, a report creates an official record. You may need this for insurance claims or to dispute fraudulent transactions.
5. Report it to the authorities. In the US, file a complaint with the FTC at identitytheft.gov and with the FBI's Internet Crime Complaint Center at ic3.gov. In the UK, report to Action Fraud at actionfraud.police.uk.
6. Alert the credit bureaus. In the US, contact Equifax, Experian, and TransUnion to place a fraud alert on your credit file. This makes it harder for criminals to open new accounts in your name.
You Can Stay One Step Ahead
SIM swap fraud is frightening, but it is also preventable. Barbara's story could have gone differently if she had a PIN on her carrier account and used an authenticator app instead of text message codes.
The criminals behind these scams rely on people not knowing the threat exists. By reading this article, you have already taken the most important step: awareness.
Take fifteen minutes today to call your phone carrier and set up that account PIN. It is a small action that could save you thousands of dollars and countless hours of stress. You deserve to feel safe and in control of your own phone number.
Was this guide helpful?
You Might Also Like
AARP Fraud Watch Network — Free Scam Protection Resources for Seniors
AARP's Fraud Watch Network offers free tools, a scam helpline, and a tracking map to help seniors fight back against fraud. Here is how to use everything they offer.
Amazon Scams — Fake Orders, Phishing Emails, and Gift Card Fraud
Amazon is the most impersonated company in the world. Here is how scammers use fake order confirmations, phishing emails, and gift card tricks to steal from seniors.
Cash App, Zelle and PayPal Scams — How to Stay Safe
Payment apps make sending money easy, but scammers know that too. Learn the most common Cash App, Zelle, and PayPal scams and how to protect yourself.