SIM-Swap Scams in Malta
SIM-swap attacks in Malta target mobile banking customers and crypto holders by porting phone numbers to fraudster-controlled SIMs to bypass two-factor authentication.
Part of: SIM Swap Scams
Last reviewed: 1 June 2026
SIM-swap fraud has become a significant concern in Malta as mobile banking penetration has grown. Attackers contact Maltese mobile carriers — BOV, HSBC, Melita, Epic, or GO — posing as the account holder and claiming a lost or damaged SIM. Once the number is ported to a fraudster-controlled SIM, incoming SMS authentication codes for banking, email, and crypto accounts are intercepted.
Malta's small population means social-engineering attacks can leverage information found on social media to convincingly impersonate victims to carrier support staff. Crypto wallet holders are particularly at risk, as control of a phone number can provide access to exchange accounts via SMS two-factor authentication.
How this scam works on Malta
An attacker harvests personal details about the victim from social media, data-breach databases, or phishing attacks. They then call a Maltese mobile carrier's customer service line, pass basic security questions using the harvested data, and request a SIM swap or port — claiming the original SIM has been lost or damaged.
Once the number is on the attacker's SIM, they reset passwords for the victim's bank accounts, email, and crypto exchange accounts using the intercepted SMS codes. Funds are transferred within minutes. By the time the victim notices their phone has lost signal, significant financial damage has occurred.
Some attacks begin with phishing to extract partial account credentials, which are then combined with the SIM swap for a fully automated attack on crypto exchange accounts.
Common red flags
- Your phone unexpectedly loses signal or shows 'No Service' without an obvious cause.
- You receive SMS verification codes you did not request.
- You are logged out of email or banking accounts unexpectedly.
- Your mobile carrier sends a notification about a SIM change you did not initiate.
- Unfamiliar login alerts arrive for your online accounts.
How to protect yourself
- Add a SIM-lock PIN or port-freeze to your mobile account with your Maltese carrier.
- Replace SMS two-factor authentication with an authenticator app (e.g., Google Authenticator or Authy) wherever possible.
- Use a unique, strong password for your email account — it is the master key to all other accounts.
- Do not post information on social media that could answer account-security questions (birthplace, pet names, school).
- Contact your carrier immediately if your phone loses signal unexpectedly.
- Enable biometric or hardware-key authentication on crypto exchange accounts.
How to report it
- Call your mobile carrier immediately and request the fraudulent SIM be deactivated.
- Report to the Malta Police Force Cyber Crime Unit.
- Notify your bank and all affected services at once to freeze accounts.
Frequently asked questions
Can Maltese mobile carriers prevent SIM swaps?
Yes — all major Maltese carriers can add extra verbal or PIN verification requirements for SIM changes. Contact your carrier proactively to add a port-freeze or SIM-lock PIN before an attack occurs.