SIM Swap Scams on Instagram
Attackers harvest personal details from public Instagram profiles and Stories to assemble the information needed to impersonate account holders to their mobile carrier, enabling SIM swap fraud.
Part of: SIM Swap Scams
Last reviewed: 1 June 2026
Instagram's visual storytelling format encourages users to share personal milestones — birthdays, travel locations, family celebrations, and career announcements — that collectively provide a rich dossier for social engineers. An attacker who follows a target's public account for a short period can accumulate enough detail to convincingly impersonate that person to a carrier's customer service representative.
Highly followed public figures, influencers, and creators are at elevated risk because their personal information is aggregated by large audiences including bad actors, and their phone numbers are more likely to be known through business contact information in their bio.
How this scam works on Instagram
An attacker reviewing a public Instagram profile notes the account holder's full name, birthday (often shared in celebration posts), location (inferred from tagged locations and Stories), and family members' names. Cross-referencing with the account's linked contact email or website reveals further details. This information is used to answer carrier security questions during a SIM swap call.
Some attackers directly engage with public accounts using fake profiles, building brief interactions that lead to a request for a phone number under a plausible pretext. A follower who messages with praise for a creator's work and eventually asks 'what number should I reach you on for a collaboration?' may receive the phone number they need without the account holder recognising the risk.
Instagram business accounts that list phone numbers in their contact section are particularly targeted, as the number is already publicly accessible.
Common red flags
- Public Instagram bio lists your primary phone number as a contact method
- Birthday, home city, and family details are all visible in your public posts and Stories
- Your phone number was found in a data breach notification linked to an Instagram-connected service
- Sudden loss of phone service despite being in a normal coverage area
- Unexpected password reset emails or login notifications from accounts linked to your phone number
How to protect yourself
- Remove your primary phone number from your Instagram bio and replace it with a dedicated business contact line or email if needed
- Review your public post history and restrict birthday, location, and family-related posts to followers or close friends
- Add a SIM lock PIN to your carrier account and request that number ports require in-store identity verification
- Replace SMS two-factor authentication with an authenticator app on all accounts where available
- Monitor your phone number for breach exposure using dedicated security notification services
How to report it
- Report accounts that attempt to harvest personal information through suspicious engagement to Instagram
- Contact your carrier's fraud department immediately if you suspect a SIM swap has occurred
- File a report with your national cybercrime authority if financial accounts were accessed following the swap
Frequently asked questions
Should Instagram creators use a separate phone number for their public contact information?
Yes. Using a secondary number or a VoIP number for public business contact rather than your primary mobile number significantly reduces the risk of a SIM swap. Your primary number should be protected by a carrier PIN and used only for accounts requiring SMS authentication.