Can a scammer clone my SIM card?
SIM cloning is technically possible on older SIM cards but rare; SIM swapping — convincing your carrier to transfer your number to a new SIM — is far more common and effective.
Last reviewed: 10 June 2026
Explanation
True SIM cloning involves copying the unique identifier (IMSI) and authentication key stored on your physical SIM onto a blank card using specialised hardware. This was feasible on older 2G-era SIMs but modern SIM cards use encryption that makes physical cloning extremely difficult without cooperation from the manufacturer. For most consumers, physical cloning is not a realistic everyday threat.
SIM swapping is the real-world equivalent that scammers use instead. They call your carrier, use personal details gathered from social media or data breaches to pass security questions, and request that your number be ported to a SIM card they control. Once the transfer is approved by the carrier, all calls and texts meant for you — including bank OTPs — go to the attacker's phone.
eSIM fraud is a newer variant: scammers request an eSIM QR code for your number to be sent to a device they control, effectively achieving the same result as a SIM swap without needing a physical SIM card. Carriers are increasingly aware of this risk and adding extra verification steps.
Your best defences are a SIM-lock PIN (separate from your regular account password) set with your carrier, and replacing SMS-based two-factor authentication with an authenticator app or hardware key for your most sensitive accounts.
Common red flags
- Your phone shows 'No service' or 'SIM not registered' unexpectedly
- You stop receiving calls and texts with no apparent reason
- Your carrier sends a confirmation email or text about a SIM change you didn't make
- You receive OTPs for accounts you weren't trying to access
- Someone calls pretending to be your carrier, asking to confirm your account details
- Bank or email password-reset texts never arrive
What to do now
- Call your carrier immediately if you suspect a SIM swap — ask them to freeze your account
- Set a SIM-lock PIN or verbal passcode with your carrier right now, before any incident
- Switch important accounts from SMS 2FA to an authenticator app
- Change passwords for your email and bank from a device not connected to your number
- Report the incident to your national telecom regulator and cybercrime unit
- Check your financial accounts for unauthorised transactions
- Alert your bank so it can flag your account for suspicious activity
Frequently asked questions
How do I set a SIM-lock PIN with my carrier?
Log in to your carrier's account portal or call customer service. Look for 'SIM protection', 'port protection', or 'account security PIN'. This PIN must be given before any SIM change is approved.
Can a scammer do a SIM swap if I have two-factor authentication enabled?
If your 2FA uses SMS, a successful SIM swap defeats it entirely — which is why switching to an authenticator app or hardware key is so important.