SIM Jacking
A broad term for attacks that seize control of a victim's mobile phone number, including SIM swap fraud and port-out fraud, to intercept SMS codes and calls.
Also known as: SIM hijacking, phone number hijacking, mobile number takeover
Last reviewed: 1 June 2026
SIM jacking refers to any technique by which an attacker gains control of a victim's mobile number. The two main methods are SIM swap (convincing a carrier to transfer the number to a new SIM card) and port-out fraud (transferring the number to a different network entirely). Both result in the victim's calls and texts being routed to the attacker's device.
Once in control of a phone number, attackers can intercept one-time passwords sent by SMS, receive 'forgot password' calls, and use the number to pass identity verification checks for banking and crypto accounts. The attacker can then drain financial accounts before the victim realises their phone has lost service.
SIM jacking attacks are typically preceded by reconnaissance — gathering the victim's personal details (name, address, account PIN) from social media, data breaches, or direct social engineering. Defence includes adding a carrier 'port freeze' or account PIN, using authenticator apps instead of SMS for two-factor authentication, and enabling account-level port-out protection with your carrier.
Examples
- An attacker calls a mobile carrier impersonating the account holder and convinces a representative to issue a new SIM, taking over the victim's number.