- Security
- Privacy
- Performance
A SIM swap attack tricks your mobile carrier into sending your texts and calls to a scammer — including password recovery and account verification codes. If a SIM swap scam leaves your bank accounts vulnerable, it can have devastating consequences. Learn all about SIM swapping and how to prevent SIM hijacking, and download our award-winning security app to help defend against hackers, scams, and other online threats.
.svg)
SIM swapping, also known as SIM hijacking or SIM jacking, is a type of fraud where criminals trick your cell service provider into transferring your phone number to a new SIM card they control. After a SIM swap attack, the fraudster will receive all your calls and texts to their phone.
Aside from the obvious personal privacy concerns, this allows the cybercriminal to view two-factor authentication (2FA) codes and potentially access your online accounts (including particularly sensitive ones, like your bank account) to change your passwords. All without you having any direct engagement with the scammer.
A SIM swap scam happens when a fraudster convinces a service provider to switch a victim’s service to a SIM card that they control.
SIM swapping is a serious cybercrime that can lead directly to wire fraud or identity theft. In 2024, the FBI investigated 982 SIM swap attacks, with losses totaling almost $26 million. And research from IDCARE, a charity working in Australia and New Zealand, noted that 90% of attacks occur without victim interaction, making SIM swapping a particularly difficult form of fraud to defend against.
But understanding how it works gives you a better chance of spotting the warning signs that you’re being targeted.
SIM swapping attacks tend to follow a three-stage process. The perpetrator first uses social engineering tactics to get hold of a victim’s sensitive personal information. They then use this information to impersonate the victim and convince their carrier to complete the number transfer. Finally, they use their access to the victim’s phone number to commit financial fraud or identity theft.
Here’s a more detailed look at these three main steps:
SIM swapping often starts with a phishing attack, where scammers try to steal your sensitive information by impersonating a trusted company or person. They might run an Instagram scam, for example, creating a fake customer support profile to trick you into revealing your phone number or address. Other phishing tactics include sugar daddy scams and romance scams, where fraudsters feign romantic interest to extract information from you.
Alternatively, the cybercriminal might gain access to your personal details through illicit data brokers or data breach repositories, often found on the dark web. In some cases, spyware may be used to steal information directly from your devices.
To execute a SIM swap attack, a hacker may first phish for personal information.
With your personal information, the scammer will then try to convince your mobile carrier to transfer your mobile number to a SIM card they control. They might claim that the original SIM card has been lost, stolen, or damaged, and use your sensitive information to “prove” their identity.
If they’re successful in getting your carrier to approve the transfer, they’ll start receiving all of your texts and calls. This allows them to intercept two-factor authentication codes that are often sent as part of password reset processes. This means the scammer can reset your passwords and lock you out of important online accounts, like banking or social media.
Your personal information is the key to a SIM swapper’s success, determining whether they’ll be able to impersonate you. The more details they have about you, the more convincing they’ll be to your phone carrier, and the more likely their number transfer request will be approved.
Here are some of the key details SIM hijackers are looking for to trick mobile carriers:
Financial information: Details on the credit card attached to your account, like the last four digits, date of activation, last payment, and the CVC (card verification code) on the back.
Device details: The IMEI (International Mobile Equipment Identity), which is your device’s unique serial number, or the ICCID (Integrated Circuit Card Identifier), which is your SIM card’s unique serial number.
Personal data: Your phone number, billing address, full name, date of birth, or email address.
Call logs: Information about any recently dialed numbers, dates of calls, or the identities of call recipients.
Account credentials: Confidential authentication credentials like account access PINs, passwords, one-time passcodes, or answers to security questions.
A SIM swap attack can last until it’s detected and the carrier restores control to the legitimate account owner, or until the attacker achieves their goal. Unless you spot the warning signs, a SIM swap attack is only likely to end once the cybercriminal has gained access to your online accounts and transferred funds or made significant purchases, after which they will abandon your number.
Key ways to help protect against SIM swapping attacks revolve around improving your account security and keeping your sensitive information private. SIM swappers prey on weak passwords and easily accessible information to convince cell service carriers that they’re the legitimate account holder. Using complex, unique passwords, limiting the information you share on social media, and adding additional authentication measures to your accounts can all help protect you.
Here’s a more detailed look at what you can do to stay safer against SIM swap attacks:
Limit the information you share online: SIM-jackers often cyberstalk their targets before they strike. Every piece of information you post can be used to build a profile of your identity. Keep personal details like your address, phone number, full name, and date of birth as private as possible.
Don’t comply with unsolicited requests for personal info: While legitimate companies might contact you on occasion, they’ll never ask for sensitive details like your password, PIN, or one-time passcodes. Be wary of unsolicited messages from someone claiming they need this information, it may be a SIM attacker trying to trick you.
Use strong passwords: Strong, unique passwords act as a valuable frontline defense against SIM swappers and other scammers. Consider using a good password manager to help manage them, so you can focus on making sure they’re long, random, and hard to crack.
Implement SIM-specific protection: Some carriers offer specific measures designed to reduce or eliminate your vulnerability to SIM swap attacks, such as T-Mobile’s SIM protection. These can be worth considering if you’re concerned about the risk.
Change your SIM’s default PIN: Your SIM PIN code is a unique passcode needed to make changes to SIM settings. You’ll have a default code already, but you can change it to something more secure by navigating to your phone’s settings app and looking for an option that says “SIM security” or similar. Some carriers also offer Number Transfer PINS, which only come into effect when a SIM change is requested.
Avoid SMS-based authentication: Instead, use apps like Google Authenticator or Microsoft Authenticator. These apps are tied to your device, rather than your number, and secured with a PIN or biometrics. This makes it much harder for scammers to exploit in a SIM swap attack. Some companies, like Yubico, even offer hardware authentication devices that can add an extra layer of account protection by separating 2FA from your phone number.
Set up bank and mobile carrier alerts: You can request notification emails or text messages about changes to your bank or cell carrier accounts. These alerts act as an early-warning system, helping you spot SIM swap attempts or other fraudulent activity faster, so you can act before the attack escalates.
Signs that you're part of a SIM swap attack include sudden loss of service features, unexpected carrier or account alerts, locked-out logins, and unfamiliar charges. If you notice any of these, act fast — your phone number and online accounts could be compromised.
You can't make calls or send textsIf you’re unable to make calls, send texts, or use mobile data, it’s usually a sign that something’s wrong with your network connection. While it could simply be the result of a service outage, it could also be that you’ve been targeted in a SIM card swap attack, and a fraudster has transferred your cell service and phone number to their device.
You're notified of activity elsewhereMany cell services will notify you if they detect unusual account activity. If you start getting emails about suspicious activity on your accounts, there might be a SIM swap attack or other account takeover scheme in progress. Likewise, your mobile carrier may send you a confirmation message that your phone number has been activated on a new device.
You're unable to access accountsUsually, a SIM card hacker’s first move is to lock you out of your accounts by changing the passwords. Some accounts will automatically block access as a security measure after too many questionable login attempts. So, losing access to online accounts is a clear signal that someone is attempting to access them or has done so, and should prompt you to take immediate steps to secure them.
You find unauthorized transactionsThe ultimate goal of a SIM swap scam is usually to drain the victim’s bank account. If you get notifications about transactions you didn’t make, it could be due to SIM swapping. If this is the case, you should secure your financial accounts, dispute the charges, and regain control of your phone number as soon as possible.
If you’re the victim of a SIM swap attack, immediately contact your carrier, notify your bank to freeze accounts and dispute fraudulent transactions, disable SMS 2FA and change your passwords, then re-enable 2FA once your number is back under your control.
Contact your cell provider as soon as possible if you suspect a SIM swap. Your mobile service provider may not be able to catch the crook, but they can put an end to their scheme by cutting off their access to your mobile network.
If you’re a Verizon customer call *611 from your mobile to place an airtime-free call, which works even if your device has been deactivated, or call 1-800-922-0204 from any other device.
If you’re an AT&T customer call 1-800-331-0500 or use the Wireless Account Lock feature in the official myAT&T app.
If you’re a T-Mobile customer call 611 from your mobile or 1-800-937-8997 from any other device.
If you’re a US Cellular customer call 1-888-944-9400.
Contact your bank to advise them of the situation and request they freeze your accounts to block all transactions until you’re sure they’re secure. If unauthorized transactions have already gone through, start the dispute process to see if they can be canceled or refunded. Your bank will advise further actions, as necessary.
Until you’re 100% certain the SIM swap scammer no longer has access to your texts and calls, prevent them from locking you out of any more accounts by disabling 2FA in your account settings. Then set new, strong passwords on sensitive accounts for good measure.
Once your cell service is restored to a SIM card you control, re-enable 2FA and make sure you have all account security features and notifications turned on to help you detect and prevent SIM swap attacks and other hacks in the future.
SIM swap scams often begin subtly, as fraudsters gather your personal information. Once equipped, they target your phone number, then try to access your online accounts. That means your first line of defense against SIM swappers is to avoid online scams and malware that might compromise your data.
Avast Free Antivirus can help you defend against scams that hackers may use in SIM swap attacks — blocking malware, phishing links, and fake websites, so you can enjoy a safer online experience. Get comprehensive online security today, for free.
