SIM Swap Scams on Telegram
Telegram channels and groups are used to coordinate SIM swap attacks and advertise SIM swap services, targeting cryptocurrency holders and high-value account owners by offering to hijack phone numbers on demand.
Part of: SIM Swap Scams
Last reviewed: 1 June 2026
Within certain Telegram communities focused on cybercrime-as-a-service, SIM swap attacks are treated as a commercial offering — buyers post requests specifying a target's phone number and pay operators who have either compromised carrier employees or refined social engineering scripts effective against carrier support lines.
The encrypted, pseudonymous nature of Telegram makes these marketplaces difficult for law enforcement to disrupt. Victims whose phone numbers are sold in these channels are typically high-value targets: cryptocurrency holders, social media influencers, or individuals known to have valuable online accounts.
How this scam works on Telegram
Operators advertise SIM swap services in private Telegram channels, claiming success rates with specific carriers and pricing based on account value or urgency. A buyer — often a cryptocurrency thief targeting a specific wallet address they have linked to a public identity — places an order with the target's phone number and carrier details.
On the other side, Telegram is used to recruit carrier insiders — employees who are paid to approve fraudulent SIM transfers for customers they can access in their company systems. These recruitment posts appear in privacy-focused or money-making communities rather than explicitly criminal ones.
Some Telegram bots automate parts of the fraud by matching phone numbers to carrier accounts using leaked databases, helping attackers build dossiers before attempting the swap.
Common red flags
- Phone signal drops and does not recover despite being in a normal coverage area
- Carrier sends an account activity notification for a change you did not request
- SMS authentication codes stop arriving for accounts you regularly access
- You receive messages from contacts asking about unusual activity on accounts associated with your number
- Your number has been publicly associated with a cryptocurrency address or high-value online identity
How to protect yourself
- Remove or minimise public associations between your real phone number and cryptocurrency holdings or high-value social accounts
- Use a dedicated, unlisted phone number solely for authentication purposes rather than your primary number
- Activate a SIM lock PIN with your carrier and request that number ports require in-store identity verification
- Replace SMS two-factor authentication with hardware security keys or TOTP authenticator apps across all important accounts
- Regularly search your phone number in data breach databases to know when it has been exposed
How to report it
- Report Telegram channels or bots offering SIM swap services by forwarding a message to @notoscam or using the report feature
- Contact your carrier fraud team and request an immediate investigation if a swap has been executed
- Report to your national cybercrime authority, particularly if cryptocurrency was stolen as a result
Frequently asked questions
Why do SIM swap attackers target cryptocurrency holders specifically?
Cryptocurrency transactions are irreversible, making them ideal for theft. Many exchanges and wallets use phone numbers as a recovery method. An attacker who controls your phone number can bypass SMS-based authentication and transfer funds before you are aware the swap has occurred.