SIM Swap Scams in Iceland
SIM swap attacks targeting Icelanders exploit weaknesses in Síminn and Nova carrier authentication to seize online banking and payment accounts via stolen OTPs.
Part of: SIM Swap Scams
Last reviewed: 1 June 2026
SIM swap fraud in Iceland exploits the country's near-universal mobile banking adoption and heavy reliance on SMS OTPs for authentication. By convincing Síminn or Nova — Iceland's main carriers — to replace a SIM without the genuine owner's consent, fraudsters intercept banking OTPs and drain accounts within minutes.
The Post and Telecom Administration (PTA/Fjarskiptastofa) regulates carriers and can investigate complaints about inadequate SIM replacement procedures. Iceland's small population means that data sufficient for social engineering (name, address, kennitala) is often accessible through public records.
How this scam works on Iceland
An attacker gathers the victim's kennitala (national ID), address, and personal details through public records, social media, or phishing. They contact the carrier claiming a lost or damaged SIM and use the collected information to pass identity checks. Once the swap is complete, banking app OTPs are received by the attacker.
Icelandic banking apps from Arion Bank, Íslandsbanki, and Landsbankinn rely heavily on SMS OTP or Auðkenni (Iceland's national digital identity app). Accounts where Auðkenni is the primary authentication are harder to compromise via SIM swap; SMS-dependent accounts are more vulnerable.
Victims notice the attack when their phone suddenly loses signal, usually in the early hours when the attacker acts to minimise the chance of an immediate response.
Common red flags
- Phone unexpectedly loses signal — call your carrier immediately from another device
- SMS from Síminn or Nova about a SIM replacement you did not request
- Banking app shows transaction alerts you did not initiate
- Authentication messages arriving on the device you are not currently using
How to protect yourself
- Set a PIN or verbal security code on your Síminn or Nova account for SIM changes
- Switch from SMS OTP to Auðkenni (app-based national ID) for banking wherever possible
- Limit public exposure of your kennitala on social media and public profiles
- Enable real-time transaction alerts on all bank accounts
- Contact your carrier and bank simultaneously the moment your phone loses signal unexpectedly
How to report it
- Call your carrier immediately (Síminn: 800-7000, Nova: 519-1000) to reverse the port
- Call your bank's fraud line to freeze accounts and reverse transactions
- Report to PTA (Fjarskiptastofa) at fjarskiptastofa.is for carrier-level complaints
Frequently asked questions
Is Auðkenni (national digital ID) safe against SIM swap attacks?
Auðkenni app-based authentication is significantly more resilient to SIM swap attacks than SMS OTP, as it is tied to the device and app rather than the phone number. Enabling Auðkenni for banking is one of the most effective defences.