SIM Swap Scams in Italy
Criminals convince Italian mobile operators to transfer a victim's number to a new SIM card, bypassing SMS-based two-factor authentication to drain bank accounts.
Part of: SIM Swap Scams
Last reviewed: 1 June 2026
SIM swap fraud — locally known as 'SIM swap' or 'frode SIM' — has become one of the most financially damaging cyber-crimes in Italy. Attackers use personal data obtained from data breaches or social-engineering calls to impersonate victims to TIM, Vodafone Italy, WindTre or Iliad customer-service departments, requesting a SIM replacement.
Once the victim's number is under attacker control, all SMS one-time passwords are intercepted, allowing fraudsters to access Italian online banking portals such as Intesa Sanpaolo, UniCredit and Fineco and authorise wire transfers. The Italian Banking Association (ABI) has flagged SIM swap as a priority banking-fraud concern.
How this scam works on Italy
Attackers typically purchase leaked personal data — name, address, codice fiscale, date of birth — from dark-web markets populated by Italian data breaches. Armed with this information, they call the operator's customer service or visit a franchise store with a forged identity document to request a SIM replacement.
The victim notices their phone loses signal — often in the evening or at a weekend when they are less likely to react quickly. Within minutes, the attacker initiates online banking transactions, authorising them via the now-controlled SMS OTP channel. By the time the victim reports the issue to their mobile operator, substantial funds may have been transferred.
Italian banks are obligated under PSD2 to implement strong customer authentication, but the SMS channel remains a weak link targeted by this method.
Common red flags
- Your phone suddenly shows 'SOS only' or no network signal without explanation
- You stop receiving calls and SMS messages unexpectedly
- Your bank sends transaction confirmation codes you did not request
- You receive a call from someone claiming to be your mobile operator asking to confirm personal details
- Unexplained bank transactions appear after a period of no phone signal
How to protect yourself
- Switch your bank's two-factor authentication from SMS to an authenticator app or hardware token where possible
- Set a SIM-change PIN or password with your Italian mobile operator
- Monitor your bank account for small test transactions which often precede larger fraud
- If you lose signal unexpectedly, call your operator immediately from another phone
- Register for SPID with a strong second factor to reduce reliance on SMS verification
How to report it
- Your mobile operator: call immediately to report an unauthorised SIM transfer and request a SIM block
- Your bank fraud team: call the number on your card to report unauthorised transactions
- Polizia Postale: commissariatodips.it — file a cyber-crime report
Frequently asked questions
Can I get money back after a SIM swap bank fraud in Italy?
Under PSD2 regulations, Italian banks are generally required to refund unauthorised transactions unless they can prove gross negligence by the customer. File a formal complaint ('reclamo') with your bank and, if unresolved, escalate to the Arbitro Bancario Finanziario (ABF).