SIM Swap Scams in Peru
SIM swap fraud in Peru exploits weaknesses in Claro, Movistar, and Entel carrier verification to seize Yape and BCP mobile banking accounts via stolen OTPs.
Part of: SIM Swap Scams
Last reviewed: 1 June 2026
Peru's adoption of Yape (BCP) and other mobile payment apps has made SIM swap attacks highly lucrative for fraudsters. By convincing a carrier — Claro, Movistar, or Entel — to issue a replacement SIM, attackers intercept all SMS OTPs and gain access to banking and payment apps linked to the victim's mobile number.
OSIPTEL (Peruvian telecoms regulator) has imposed requirements on carriers to strengthen identity verification for SIM replacements, but social engineering at the carrier level remains the primary attack vector. Victims typically discover the fraud after their phone loses signal.
How this scam works on Peru
An attacker collects victim information — DNI number, date of birth, address — from social media, phishing, or purchased data. They visit a carrier store or call customer service claiming a lost or damaged SIM, presenting sufficient identity information to pass verification. Once the number is ported, all SMS OTPs for Yape, BCP, BBVA, and Interbank are received by the attacker.
Within minutes, the attacker logs into Yape or the bank's mobile app using the phone number plus an OTP received on the new SIM. Funds are transferred via Yape or bank transfer to mule accounts and quickly withdrawn from ATMs in cash. The victim's phone shows no signal — the first sign of an attack.
Data from Peruvian data breaches (including government database leaks) that expose DNI numbers are an important input for attackers planning SIM swaps.
Common red flags
- Phone unexpectedly loses all signal in an area with normal coverage
- Text message from your carrier about a SIM replacement you did not request
- Yape or bank app notifications of transactions you did not initiate
- Unexpected OTP SMS messages while you are not performing any activity
- Carrier sends a port confirmation email or message you did not initiate
How to protect yourself
- Call your carrier (Claro 123, Movistar 700-74-74, Entel 9999) immediately if your phone loses signal
- Set a unique verbal security PIN with your carrier for SIM replacement requests
- Replace SMS OTP with app-based authenticators where your bank allows
- Minimise DNI and personal data shared on social media
- Enable transaction alerts on all financial apps for real-time monitoring
- Set daily transfer limits on Yape and banking apps to reduce loss exposure
How to report it
- Call your carrier immediately to cancel the SIM swap and restore your number
- Contact your bank's fraud line simultaneously to freeze Yape and account transactions
- Report to OSIPTEL at osiptel.gob.pe for carrier-level vulnerability reporting
Frequently asked questions
Can Yape transactions be reversed after a SIM swap attack?
BCP's fraud team can investigate and in some cases reverse Yape transactions made fraudulently, but this is not guaranteed. Contacting BCP's fraud line (toll-free 0-800-1-9898) within minutes of discovery maximises the chance of recovery.