Can a scammer drain my bank account with just my phone number?
Your phone number alone is not enough to access your bank, but scammers can use it to intercept SMS authentication codes or to impersonate you, which can lead to account takeover.
Last reviewed: 10 June 2026
Explanation
Banks require multiple credentials before allowing transfers, so a phone number by itself does not unlock your account. The danger is indirect. If your bank uses SMS one-time passcodes (OTPs) for login or transaction approval, a scammer who already has your username and password can try to intercept that OTP via SIM swapping, SS7 network attacks, or social engineering your carrier into forwarding your calls and texts.
SIM swapping is the most common route: a fraudster calls your mobile carrier, pretends to be you, claims their phone was lost, and asks for your number to be moved to a new SIM they control. Once successful, your SMS OTPs go to them rather than you. They then log in to your bank with your credentials (obtained through earlier phishing or data breaches) and approve transfers using the stolen codes.
SS7-based interception is technically sophisticated and mostly used in targeted fraud rather than mass campaigns. Social engineering attacks can also combine your phone number with other personal data to convince a bank's customer service team to reset your account.
The strongest defence is switching from SMS-based two-factor authentication to an authenticator app or hardware security key wherever your bank supports it, because those methods are tied to a physical device rather than a phone number. Also add a SIM-lock PIN with your carrier.
Common red flags
- You suddenly lose all cellular service without any known reason
- Your carrier sends a confirmation that your SIM was changed — and you didn't request it
- You receive OTP codes you didn't request, suggesting someone is trying to log in
- Unknown logins appear in your bank's recent activity
- You receive an email confirming a password reset you never initiated
- Scammer claims to 'already have' most of your details and just needs your OTP
What to do now
- Set a SIM-lock or port-freeze PIN with your mobile carrier immediately
- Replace SMS two-factor authentication with an authenticator app (Google Authenticator, Authy)
- Check your bank account for any unauthorised transactions
- If you suspect a SIM swap already happened, call your carrier and bank right away
- Change your bank password and any email password used to recover your banking login
- Enable account alerts for all transactions, no matter how small
- File a report with your national cybercrime agency if money was taken
Frequently asked questions
My bank only uses SMS OTPs — what can I do?
Ask your bank whether it offers an authenticator-app or biometric option. If not, add a SIM-lock PIN with your carrier as a fallback, and monitor your account activity daily.
Can a scammer access my account if they only know my number and not my password?
Unlikely on its own, but your number can help them reset your password if your account recovery relies on an SMS code. That is why protecting your number and your email is equally important.