A phone with two SIM cards being swapped over it. One of the cards has a skull on it.

“You’ve been hit by, you’ve been struck by a smooth criminal,” sang Michael Jackson. Words illustrating a sad reality — most SIM swap victims realize they’ve been “hit” after the attack has taken place. Let’s prepare against them and find out what SIM swap scams are and how to find out if you’re a victim.

What is a SIM swap attack?

SIM swapping, SIM jacking, SIM splitting, SIM swap fraud, or SIM card hacking is a multi-stage crime where a criminal tricks a mobile carrier into transferring a victim’s phone number to a SIM card under the criminal’s control.

The “goal” is to receive two-factor authentication messages on the hacker’s phone when trying to access the victim’s accounts. Once they do that, they change the account logins and wreak havoc. A SIM swap is similar to a burglar stealing your house keys, changing the lock to your home, and stealing all they can.

Note: Did you know SIM stands for Subscriber Identity Module?

How does SIM swapping work?

In a SIM swap attack, a scammer finds a victim and collects personal information about them. The most common information the scammers look for is:

  • Financial information — the banking card number and its card verification code;
  • Device details — your mobile device has a unique serial number, and so does your SIM card;
  • Personal details — billing address, full name, date of birth, email address.

SIM swap fraud scammers get such info by following social media accounts, buying it from data brokers, finding it in data breaches shared on the dark web, or using phishing (a social engineering technique) to lure personal information out of the victim.

Then, the scammer contacts the mobile phone carrier and impersonates the victim, claiming the original SIM is lost or stolen. 

The cell phone carrier tries to authenticate the caller and asks for the victim’s personal info and the scammer provides it.

Once the carrier is convinced, the scammer asks them to transfer the victim’s mobile service to the hacker’s SIM card.

Now, if the victim is using their phone number as their second factor in two-factor authentication (2FA), the scammer will receive the authentication codes.

The process of SIM swap attack.

Warning signs of a SIM swap

In general, victims experience signs of a SIM swap fraud when the attack has taken place. Most signs relate to not being able to use whatever services having a phone number lets you — calling and sending messages. But there are more dead giveaways of a SIM swap.

Getting unusual or unexpected texts or calls

Be wary of unfamiliar phone calls or text messages from your mobile provider, especially those asking for your personal information. This usually happens in the first steps of the SIM swapping. Always verify such requests directly with your provider.

Can’t make calls or send texts

If you can’t make a call or send a text, it may be because your cell service has been transferred. There is a chance that your carrier’s service got disrupted, so to make sure, check the provider’s website.

Phone service is dead

If you suddenly lose mobile network access or your phone shows “No service,” it could mean a SIM swap happened. Monitor your network connection and stay vigilant.

You can’t access your online accounts

Not being able to access your account means the scammer may have used your number to change the login credentials. Keep an eye on your online accounts for suspicious activity like unauthorized password resets or new device logins without your knowledge — these could be linked to a SIM swap attack.

Unexpected expenses and transactions

Review your bank accounts and review credit card statements for any unauthorized and unfamiliar transactions. If you notice payments you didn’t make — you may be at the final stage of a SIM swap attack.

Receiving unprompted security notifications

You may receive notifications from a service provider telling you that someone else is signing into your account from a different device or from a different place. Take such notifications seriously because they indicate a SIM card swap.

How to prevent SIM swapping scams

The best way to prevent SIM swapping scams is sharing as little information online as possible. You lessen the potential for the scam since you’re not giving anything to the scammer. Then, there are additional steps, like being aware of phishing, and creating stronger passwords.

Opt for a postpaid SIM

Get a postpaid SIM card. In 2020, a Princeton University study called “An Empirical Study of Wireless Carrier Authentication for SIM Swaps” was released. The researchers tested how easy it was to SIM-swap by doing it themselves.

Among other great things, they studied the authentication processes for postpaid and prepaid accounts of three carriers — AT&T, T-Mobile, and Verizon. They found that “some carriers may have implemented stronger authentication for postpaid accounts than for prepaid accounts.”

Change the PIN on your SIM

Your SIM card should come with a four-digit PIN number, and when you get it, change it to a new one. Once done, make sure to contact your cellular provider and ask them to notify you when a SIM swap is issued.

Try non-SMS multi-factor authentication

Relying on SIM-based messages for authentication may not be enough — use authentication apps like password managers (1password or NordPass), biometric authenticators (face ID), and other multi-factor authentication measures and apps to increase your account security and add to the scammer’s headache.

Set up alerts on all crucial services

Banking apps and services, social media, and platforms your work relies on — all have accounts that can be adjusted to alert you when a suspicious login attempt is made.

Limit personal information online

A SIM swap scam relies heavily on collecting as much information about you as possible. Be aware how much you share, because some people tend to overshare their personal life details on social media, without even realizing the potential consequences.

?? Girl Accidentally Reveals PASSWORD to Stranger! #funny #shorts – YouTube

The most leaked personal information is email addresses. And one of the biggest causes is people giving away their emails on fake websites and clicking on malicious links afterward. While not clicking a phishing link is completely up to you, we can offer a “burner email” — Alternative ID (or Alt ID).

Alt ID is Surfshark’s email masking feature that generates a new email for you to use online. When unsure whether a site is legit, use the one generated by Alt ID.

Minimize the potential for scams
With the in-built Alternative ID

Be wary of phishing scams

Carefully examine unexpected text messages and emails, avoid clicking on suspicious links, and verify the sender’s identity. Being cautious of phishing scams involves skepticism and vigilance. Anything can be a phishing scam!

Remove yourself from data brokers databases

Data brokers are the dealers for scammers looking to commit a phishing scam.

Data brokers get personal data by gathering information from public records and online activities, forming data-sharing agreements with companies, and tracking online activities using cookies.

Nasty stuff. Don’t worry, you can use a service that removes your data from the data broker’s database. Services like Incogni use the GDPR, CCPA, and other applicable privacy laws to issue a warning to take legal action, and if the data broker doesn’t agree, they get fined.

What to do if you’re a victim of SIM hijacking

The study “Countering SIM-Swapping” published by ENISA (European Union Agency for Cybersecurity) offers a short but useful tip:

If you experience any of the SIM swap signs, contact your telecom provider as soon as possible.

If it confirms the SIM swap, immediately contact your bank and change the passwords for your online accounts. Furthermore, report the fraudulent activity to the police.

  1. Alert your carrier — contact your carrier by calling from someone else’s phone and explain your situation. Ask them to stop the service for the stolen number.
  2. Notify financial service providers — contact your bank, explain your situation, and ask them to freeze your financial accounts if unrecognized transactions have been made.
  3. Change passwords — all your online accounts using your phone number as a form of 2FA login are at serious risk, so change your passwords if you are not yet locked out of them.
  4. Disable 2FA — disable it until you regain full control of your number and SIM card. Then, re-enable it using app-based 2FA authentication.
  5. Report to the Internet Crime Complaint Center (IC3) — IC3 is a partnership between the FBI and NW3C. It analyzes cybercrime complaints and shares information with law enforcement for investigations and prosecutions.
  6. Don’t engage with the scammer — they may try to extort money out of you with all kinds of threats. Don’t give in and don’t engage further with the scammer.

On the final note on avoiding SIM swap attacks

Take unusual activity notifications seriously — your spider sense is tingling for a reason.

Monitor your network connection, be cautious of unusual texts or calls, and keep an eye on your online accounts for suspicious activity. Regularly review your bank and credit card statements for unauthorized transactions.

Be mindful of your online habits and where you share your information. Remember, online privacy is key to avoiding scams. One good way to retain your online privacy is to get a VPN.

Guard your SIM
And safely go for an online swim


What are the SIM swapping stages?

The main SIM swapping stages are:

  1. The scammer gathers the victim’s personal (identifier) info.
  2. The felon calls the victim’s carrier and requests a number transfer while impersonating the victim.
  3. The carrier tries to authenticate the caller and requests the victim’s personal info.
  4. The scammer provides the victim’s personal info.
  5. The number is transferred to the scammer’s SIM card.
  6. The scammer tries to log into one of the victim’s accounts and requests a password change.
  7. The 2FA authentication code is sent to the scammer’s SIM.
  8. The scammer changes the password, and the victim is locked out of the account.

What can someone do if they put my SIM card on their phone?

A person with your SIM card on their mobile phone can use your card the same way you could — receive messages and calls meant for you. If the person does so maliciously and without your knowledge, they can lock you out of your online accounts by bypassing two-factor authentication. Then, the potential damage is limitless.

Why would someone steal a SIM card?

Stealing a SIM card (or committing a SIM swap) lets criminals bypass two-factor authentication and commit identity theft (impersonating the victim using their phone number) and financial fraud by accessing financial accounts and other sensitive information.

Does SIM lock prevent SIM spoofing?

A SIM lock (or PIN code) doesn’t prevent SIM spoofing or SIM swap attacks because fraudsters transfer your number to a new SIM card, bypassing the lock. We advise you to use strong passwords and non-SMS-based two-factor authentication and be cautious when sharing personal information online.

Are there any public study documents on SIM swap attacks?

Yes, there are, and these documents should provide you a wealth of information on the subject: