SIM-Swap Account Takeover Impersonating AT&T
Criminals impersonate AT&T customers at stores or by phone, persuading representatives to transfer the victim's phone number to a SIM the criminal controls, then use that number to intercept OTPs and drain financial accounts.
Part of: SIM Swap Scams
Last reviewed: 8 June 2026
AT&T is one of the largest mobile carriers in the United States, serving tens of millions of subscribers. Because so many financial accounts and email services use a phone number as the primary second-factor of authentication, gaining control of someone's AT&T number is effectively a master key to their digital life.
In a SIM-swap attack, the criminal gathers enough personal information about the target — full name, address, last four digits of their Social Security Number, account PIN — and either calls AT&T customer service or walks into a retail store. Impersonating the legitimate account holder, they request that the number be ported to a new SIM card. Once approved, the victim's phone loses signal and the attacker starts receiving all calls and texts, including one-time passwords.
AT&T has introduced voluntary SIM-lock and enhanced passcode protections, but social engineering remains effective when attackers have researched their target thoroughly, often using data purchased from breach marketplaces or harvested through prior phishing campaigns.
How this scam works on the AT&T brand
AT&T's legitimate SIM-change process requires an account PIN or the last four digits of the account holder's SSN, plus photo ID at a retail store. Attackers bypass these controls by bribing store employees, using deep research into the victim's social media to answer security questions, or presenting convincing counterfeit identity documents.
Once the port succeeds, the attacker requests password resets for Gmail, Outlook, and financial apps — all delivered as SMS codes to the now-controlled number. Within minutes, email accounts, banking apps, and cryptocurrency wallets can be accessed and emptied. The legitimate customer experiences a sudden loss of mobile service and typically does not realise what has happened until they try to make a call.
Some attackers combine a prior AT&T portal phishing campaign to obtain the account PIN online, then initiate the SIM swap through the automated web portal without any human interaction at all — making detection harder and the window of attack much wider.
Common red flags
- Your AT&T phone suddenly shows 'No Service' or 'SOS Only' without any apparent coverage reason
- You receive AT&T SMS or email alerts about a SIM change or port request you did not initiate
- Password-reset codes for email or banking accounts are sent to your number but you never receive them
- You cannot log in to your AT&T account despite using the correct password
- Unexpected login notifications arrive on a secondary email address from financial services you use
- AT&T emails confirm a device or SIM change at a time or address you do not recognise
How to protect yourself
- Set a strong, unique AT&T account PIN — not your birthday or last four of SSN — by logging in to att.com or calling 611
- Enable AT&T's optional SIM Protection or Port Freeze feature to require in-store verification for any SIM change
- Switch critical accounts (email, banking) from SMS-based two-factor to an authenticator app such as Google Authenticator or Authy, or use a hardware security key
- Use a unique email address for your AT&T account that is not publicly linked to your identity
- Monitor your credit with all three bureaus and consider a credit freeze to prevent new accounts being opened in your name
- If your phone loses service unexpectedly, call AT&T immediately from another phone and ask them to check for recent SIM activity on your account
How to report it
- Call the AT&T fraud line at 877-844-5584 or visit an AT&T store with photo ID to report the unauthorised SIM swap and reclaim your number
- File a complaint with the FTC at reportfraud.ftc.gov and the FBI Internet Crime Complaint Center at ic3.gov
- Report to your state Attorney General's office, as SIM swap is a criminal offence in most US states
- Notify your bank and any affected financial institutions immediately to freeze accounts and reverse any fraudulent transfers
- File an identity theft report at identitytheft.gov for a personalised recovery plan
Frequently asked questions
How do I know if I have been SIM-swapped on AT&T?
The clearest sign is that your phone suddenly loses all mobile service — calls, texts, and data stop working. You may also receive email alerts about a SIM or account change you did not make. Call AT&T from another device immediately.
Can AT&T reverse a fraudulent SIM swap?
Yes. AT&T can reassign your number back to your original SIM if you verify your identity in person or over the phone. Act quickly, as attackers move fast once they control your number.
Is SMS two-factor authentication safe to use with AT&T?
SMS-based 2FA is better than nothing but is the weakest form of second-factor authentication because it depends on your phone number staying under your control. Use an authenticator app or hardware key wherever possible for high-value accounts.