Number Porting Scams via Email
Fraudsters send phishing emails impersonating mobile carriers to harvest account credentials and port victims' phone numbers to attacker-controlled SIMs.
Last reviewed: 1 June 2026
A successful SIM-swap or port-out attack gives criminals control of your phone number, allowing them to intercept SMS two-factor authentication codes and hijack bank accounts, email, and crypto wallets. Email is the primary channel used to harvest the carrier login credentials that make porting possible.
Victims receive convincing carrier-branded emails claiming account issues, billing errors, or security alerts. One click on a spoofed link leads to a fake carrier login page that captures credentials — setting the stage for a porting request the victim never authorised.
How this scam works over email
Attackers register lookalike carrier domains or use compromised sending infrastructure to blast phishing emails mimicking carriers. The email links to a pixel-perfect fake carrier portal that logs credentials and MFA codes in real time, passing them to an attacker who simultaneously authenticates on the real carrier site.
Once logged in, the attacker initiates a port to a new SIM or eSIM. This typically completes within hours, after which the victim's phone loses signal and calls and texts to their number arrive on the attacker's device.
Some campaigns pair email with phone calls: the email primes the victim with a 'security alert,' and a follow-up call from the 'carrier security team' completes the social engineering to obtain the account PIN.
Common red flags
- Email claims unusual activity and prompts you to log in via an embedded link
- Sender domain is a variant of the real carrier domain (e.g., extra hyphen or TLD swap)
- Login page URL does not match the carrier's official domain
- Email requests your account PIN or transfer authorisation code
- Sudden loss of mobile signal shortly after clicking a link
- Bank or authenticator app OTPs stop arriving
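The two domain red flags above (a sender domain that is a variant of the carrier's, and a login link that does not match the official domain) can be checked mechanically. The following is an added example, not part of the original page; "carrier.example" is an assumed stand-in for the carrier's official domain, and the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: "carrier.example" stands in for the carrier's official
# domain; official domains are assumed to be two labels (name + TLD).
OFFICIAL = {"carrier.example"}

def classify(host, official=OFFICIAL):
    """Label a hostname relative to the official carrier domains."""
    host = host.lower().rstrip(".")
    # Suffix match on a label boundary, never a substring match.
    if any(host == d or host.endswith("." + d) for d in official):
        return "official"
    parts = host.split(".")
    if len(parts) < 2:
        return "unrelated"
    # Simplification: the last two labels are taken as the registrable
    # domain (a production check would use the Public Suffix List).
    label, tld = parts[-2], parts[-1]
    goods = [d.rsplit(".", 1) for d in official]
    if any(label == g and tld != t for g, t in goods):
        return "tld-swap"
    if any(label.replace("-", "") == g.replace("-", "") for g, _ in goods):
        return "hyphen-variant"
    if any(g in host for g, _ in goods):
        return "brand-in-host"  # carrier name placed in front of another domain
    return "unrelated"

def scan(raw_email):
    """Return (where, host, verdict) for the sender and each link that is not official."""
    msg = message_from_string(raw_email)  # assumes a single-part text message
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    seen = [("from", sender)]
    for url in re.findall(r"https?://[^\s\"'<>]+", msg.get_payload()):
        seen.append(("link", urlsplit(url).hostname or ""))
    return [(w, h, classify(h)) for w, h in seen if classify(h) != "official"]

# Constructed sample message for illustration only.
SAMPLE = """From: Carrier Security <alerts@car-rier.example>
To: user@mail.example
Subject: Unusual activity on your account

Log in to review: https://carrier.example.account-check.test/login
Official help: https://www.carrier.example/help
"""

if __name__ == "__main__":
    for where, host, verdict in scan(SAMPLE):
        print(f"{where:5} {host:40} {verdict}")
```

Any non-official verdict on a carrier-branded message is a mismatch worth treating as a red flag, including "unrelated".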
How to protect yourself
- Go directly to your carrier's website by typing the address — never click email links
- Set a strong, unique account PIN with your carrier and enable a port-freeze or number-lock
- Switch from SMS-based 2FA to an authenticator app or hardware key wherever possible
- Enable login notifications on your carrier account so you see unauthorised access immediately
- Contact your carrier immediately if your phone loses signal unexpectedly
- Freeze your credit if you suspect identity information was also compromised
How to report it
- Call your carrier's fraud line immediately to freeze your number and reverse any unauthorised port
- Report the phishing email to your national cybercrime reporting centre
- Forward the email to the carrier's abuse address (usually abuse@[carrier.com])
Frequently asked questions
Can a ported number be returned to me?
Yes. Carriers can reverse an unauthorised port, but speed is critical. Contact your carrier's fraud line within minutes of noticing signal loss and request an emergency port-back.