eSIM Swap Attack
A variant of SIM swapping that exploits the eSIM provisioning process to transfer a victim's number to an attacker-controlled device without a physical SIM card.
Also known as: eSIM hijack, eSIM provisioning fraud, embedded SIM swap
Last reviewed: 10 June 2026
An eSIM (embedded SIM) is a programmable chip built into modern smartphones that can be activated over the air without a physical card. This convenience is exploited in eSIM swap attacks: an attacker who has stolen or social-engineered a victim's carrier account credentials uses the carrier's eSIM provisioning portal to activate a new eSIM profile bearing the victim's number on a device the attacker controls.
The attack is in many ways harder to detect than a traditional SIM swap because no store visit is required and no staff member has to be deceived in person. Some carriers require only a QR code scan and account password to complete an eSIM transfer. Security researchers have shown that certain carrier apps validate provisioning requests with minimal friction, making automated attacks feasible.
Place a PIN or passcode on eSIM changes with your carrier, just as you would for number porting. If your eSIM-capable phone suddenly loses connectivity without explanation, call your carrier from another line immediately. Using an authenticator app rather than SMS codes limits the damage even if a swap succeeds.