SIM Swap Scams in Switzerland
Criminals port Swiss mobile numbers to their own SIMs to intercept SMS authentication codes and drain e-banking accounts.
Part of: SIM Swap Scams
Last reviewed: 1 June 2026
Switzerland's mobile market is dominated by Swisscom, Salt, and Sunrise, all of which use SMS-based two-factor authentication as a common e-banking security layer. SIM-swap fraud exploits this by persuading or bribing a carrier representative to transfer a victim's number to a scammer-controlled SIM, then using it to reset online banking and crypto exchange passwords.
The NCSC and Swiss Banking have warned about the attack vector, and carriers now require stricter identity verification, but social-engineering of retail staff remains a known weak point. Losses in a single overnight attack can run to tens of thousands of CHF.
How this scam works on Switzerland
Attackers first harvest victim personal data through phishing emails, data-breach leaks, or social media to answer carrier security questions. They then visit a store or call customer service impersonating the victim, requesting a SIM replacement.
Once the port completes, the victim's phone loses signal. The attacker rapidly initiates password resets for e-banking and investment platforms, intercepts SMS OTPs, and transfers funds before the victim realises the number has been ported.
Crypto exchange accounts linked to Swiss mobile numbers are particularly attractive targets because withdrawals can be irreversible within minutes.
Common red flags
- Your phone unexpectedly loses all mobile signal in an area with normal coverage
- You receive carrier SMS alerts about a SIM change you did not request
- Unexpected password-reset emails arrive for banking or crypto accounts
- Carrier customer service confirms a recent SIM swap you do not recognise
- Unusual login attempts to e-banking detected in your security log
How to protect yourself
- Add a strong verbal or PIN-based SIM-lock to your Swisscom, Salt, or Sunrise account in-store
- Switch to app-based authentication (e.g. TOTP or a dedicated authenticator app) instead of SMS 2FA wherever possible
- Use a separate, unpublished SIM for banking authentication only
- Regularly check your carrier account online for unauthorised changes
- Set up out-of-band alerts on your e-banking app so you are notified of large movements
- Enable IP and device allow-listing in your e-banking security settings where available
How to report it
- Call your carrier's fraud line immediately and request an emergency port-freeze
- Contact your bank's 24-hour fraud line to block outgoing transactions
- File a criminal complaint with cantonal police and the NCSC at ncsc.admin.ch
Frequently asked questions
How quickly can a SIM-swap attack drain my account?
Attackers typically move within 30–60 minutes of completing the swap, while the victim is unaware. Speed of response to carrier and bank is critical.