eSIM Swap Fraud
A criminal tricks a mobile carrier into transferring a victim's phone number onto an attacker-controlled eSIM, hijacking calls and texts used for account security.
Also known as: eSIM hijacking, digital SIM swap
Last reviewed: 5 July 2026
eSIM swap fraud is an updated form of SIM swapping adapted to digital eSIM technology, where a phone's cellular identity is a downloadable profile rather than a physical card. An attacker who has gathered enough of a victim's personal information, such as through phishing, data breaches, or social engineering, contacts the victim's mobile carrier and requests that the phone number be transferred to a new eSIM under the attacker's control, sometimes activated purely online without ever visiting a store. Because eSIM activation can happen entirely remotely with a QR code or activation link, a carrier's identity verification step becomes the sole barrier, and weak verification lets the swap go through in minutes.
Once the number is transferred, the victim's phone loses cellular service, and the attacker begins receiving the victim's calls and text messages, including one-time SMS passcodes used to reset banking, email, and cryptocurrency exchange account passwords. The attacker then rapidly locks the real owner out of critical accounts and drains funds before the victim can regain control of their number.
Users can reduce risk by setting a carrier account PIN or port-out password, avoiding SMS-based two-factor authentication in favor of an authenticator app or hardware security key, and treating a sudden, unexplained loss of cellular signal as a potential sign of an in-progress takeover requiring an immediate call to the carrier from another phone.
Examples
- A victim's phone suddenly loses signal, and within the hour their email and banking accounts have been reset using SMS codes redirected to the attacker's new eSIM.
- An attacker convinces a carrier's support line to activate a victim's number on a new eSIM profile using stolen personal details, without ever needing physical access to a SIM card.