SIM Swap Scams via Phone Calls
Fraudsters call mobile carriers impersonating the account holder to transfer the victim's phone number to a SIM they control, intercepting SMS authentication codes.
Part of: SIM Swap Scams
Last reviewed: 1 June 2026
A SIM swap attack requires little direct contact with the victim, but phone calls are central to the fraud — the attacker calls the mobile carrier's customer service line, poses as the account holder, and socially engineers staff into porting the number to a new SIM card. From that moment, all calls and texts to the victim's number arrive on the attacker's device.
This is devastating because many online services rely on SMS codes for two-factor authentication. With the number in hand, the attacker can reset passwords on email, banking, and cryptocurrency accounts — effectively taking over a victim's entire digital life within minutes.
How this scam works on Phone calls
Before calling the carrier, attackers typically gather personal information — name, address, date of birth, account PIN — from data breaches, phishing, or social-media profiles. They use this to answer the carrier's identity questions convincingly. Some also call the victim first, posing as the carrier asking to 'verify account details', harvesting the exact answers needed for the carrier call.
The victim usually notices when their phone loses service: it can no longer make calls or receive texts. By the time they realise what has happened, the attacker may have already initiated account-resets and fund transfers.
Common red flags
- Your phone suddenly loses all service with no network explanation
- An unusual call from someone claiming to be your carrier, asking to verify your PIN or account details
- Alerts that a new SIM has been activated on your account
- Unexpected password-reset emails or texts for important accounts
- Inability to log into online banking or email despite using the correct password
How to protect yourself
- Set a unique, hard-to-guess PIN or passphrase with your mobile carrier specifically to prevent SIM changes
- Use an authentication app (rather than SMS) for two-factor authentication on critical accounts
- Limit the personal information you share publicly online — it is the fuel for social engineering
- If your phone loses service unexpectedly, contact your carrier immediately from another device
- Consider a port-freeze or account lock with your carrier if available in your region
How to report it
- Contact your mobile carrier immediately on a number sourced independently to reverse the SIM swap
- Report to Action Fraud, the FTC, or your national fraud authority
- Notify affected banks and service providers so they can add extra monitoring to your accounts
Frequently asked questions
How quickly can damage occur after a SIM swap?
Very quickly — attackers may have automated scripts ready to reset account passwords and initiate transfers the moment the port completes. Victims sometimes report losing access to multiple accounts within five to fifteen minutes of the swap.