In our increasingly connected world, your phone number is more than just a way for friends and family to reach you – it’s also a key to your digital identity. Banks, social media platforms, and email providers often use your mobile number for two-factor authentication (2FA) and account recovery. Unfortunately, that makes it a target for a growing cybercrime known as SIM swap fraud.
What Is SIM swap fraud?
SIM swap fraud, also known as SIM hijacking, is a type of identity theft where a criminal tricks your mobile provider into transferring your phone number to a SIM card they control. Once they gain access to your number, they can intercept your calls and texts—most dangerously, the one-time passwords (OTPs) and 2FA codes needed to access your online accounts.
In many cases, your phone suddenly loses signal. Meanwhile, the fraudster uses the hijacked number to reset your passwords, bypass 2FA, and take over sensitive accounts like online banking, email, or cryptocurrency wallets.
How does it happen?
Fraudsters typically gather personal information about their target—such as name, date of birth, address, and mobile provider—through phishing emails, combing through social media, data breaches, or buying it from other cybercriminals on the dark web. With enough data, they contact the mobile provider, impersonate the victim, and request a SIM swap.
If successful, the attacker receives all the calls and texts meant for the victim. In some cases, the scam may be carried out by insiders within telecom companies or through weak verification processes at customer support centres.
Warning signs of a SIM swap
- Sudden loss of mobile signal: your phone shows ‘No Service’ or can’t send/receive texts or calls.
- You’re locked out of accounts: you receive notifications of password resets or account access attempts.
- Unusual activity on bank or email accounts: unauthorised transactions or login alerts may appear shortly after the SIM swap.
How to protect yourself from SIM swap fraud
- Limit personal information online: avoid oversharing on social media. Cybercriminals often piece together details from different platforms to impersonate you.
- Use strong, unique passwords: every account should have its own complex password. Consider using a password manager to keep track.
- Enable app-based two-factor authentication (2FA): instead of relying on SMS-based 2FA, use apps like Google Authenticator, Authy, or Microsoft Authenticator. These don’t depend on your phone number.
- Add a PIN or password to your mobile account: most carriers allow you to set a security PIN that must be provided before making changes to your account.
- Monitor your accounts and mobile service: check regularly for unusual activity on financial accounts and be alert to unexpected changes in mobile service.
- Be cautious with phishing attempts: don’t click suspicious links or provide personal info via email, text, or phone call—even if the message seems legitimate.
What to do if you suspect a SIM swap
- Contact your mobile provider immediately to report the issue and regain control of your number.
- Change passwords on key accounts, especially those tied to your phone number.
- Notify your bank and other financial institutions to put fraud alerts in place. You may also consider subscribing to a credit score agency to make sure that nobody else is trying to obtain credit in your name.
- Report the incident to Action Fraud, the UK’s national fraud and cybercrime reporting centre, at www.actionfraud.police.uk or by calling 0300 123 2040.
