eSIM Swap Fraud Signalled via SMS
How SMS messages — both fraudulent phishing texts and legitimate carrier notifications — intersect with eSIM swap fraud, and what to do when you receive a SIM change notification.
Part of: eSIM Swap Fraud
Last reviewed: 9 June 2026
eSIM swap fraud — where an attacker transfers a victim's phone number to a new eSIM under attacker control — intersects with SMS in two key ways. Carriers send legitimate SMS notifications when a SIM or eSIM change is requested, giving victims a brief window to dispute the change. Simultaneously, attackers send phishing SMS messages before initiating the swap, gathering the information needed to authenticate the transfer.
For victims, understanding the role of SMS in both phases is essential. A text from your carrier about a SIM change you did not request is an urgent fraud signal. A text from an unknown source asking you to confirm details 'for a carrier upgrade' is a precursor to a swap attack. Both demand immediate action.
How this scam works on SMS
In the phishing phase, a text arrives claiming to be from the carrier and asking the recipient to confirm identity details — date of birth, account PIN, or the last four digits of a payment card — to complete an account security upgrade or eSIM registration. These details are submitted to the carrier by the attacker to authenticate the SIM transfer request.
Once the swap is complete, the victim receives a text stating their number has been transferred to a new device. Calls and texts can no longer be received on the original phone. Within minutes, attackers receive all SMS-based two-factor authentication codes for the victim's bank accounts, email, and other services. Fraudulent transactions follow immediately before the victim can contact the carrier to reverse the swap.
Common red flags
- Text asking you to confirm account PIN, date of birth, or payment card digits for a 'carrier upgrade'
- SMS from your carrier confirming a SIM or eSIM change you did not request
- Phone suddenly showing no network coverage or 'SIM not supported' message
- Login alerts from your bank or email arriving for logins you did not initiate
- SMS-based verification codes arriving for services you are not trying to access
How to protect yourself
- Set a SIM lock or account PIN with your carrier that must be provided in person or verified through a secondary channel before any SIM change
- If you receive an unexpected SIM change notification, call your carrier immediately
- Replace SMS-based two-factor authentication with authenticator apps for banking and email
- Do not provide account PINs or identity details to anyone contacting you by SMS
- Monitor your accounts for unusual activity if your phone loses network unexpectedly
How to report it
- Call your carrier's fraud line immediately — this is a time-critical fraud
- Report to Action Fraud (UK) or IC3 (US)
- Contact your bank's fraud team if financial accounts were accessed
Frequently asked questions
How quickly can attackers drain accounts after a SIM swap?
Attackers typically act within minutes of completing a SIM swap, moving fastest on accounts protected only by SMS verification. If your phone loses coverage unexpectedly, treating it as a potential SIM swap and acting immediately gives the best chance of preventing losses.
Can carriers prevent SIM swaps entirely?
Carriers can add account-level protections including port freeze or SIM lock features that require in-person verification before any transfer. Ask your carrier specifically about these options.