How do I protect my phone number from a SIM-swap scam?
Add a SIM-lock PIN or port-freeze to your mobile account, and switch important accounts to app-based two-factor authentication so your phone number is no longer the key to your finances.
Last reviewed: 10 June 2026
Explanation
SIM swapping is an identity-theft technique where a fraudster contacts your mobile carrier pretending to be you, provides enough personal information to pass identity checks, and convinces a representative to transfer your phone number to a SIM card the fraudster controls. From that moment, any SMS verification code sent to your number goes to the attacker.
Every major US carrier allows you to add a port-out PIN or account passcode that must be provided before any SIM change or number transfer. This is separate from your regular account password. Call or visit your carrier's store and ask specifically for a SIM lock, number-lock, or port-out restriction. Some carriers call it an account security PIN. Set it to something you have not used elsewhere.
Beyond the carrier-side fix, reduce the blast radius by migrating 2FA on your most important accounts away from SMS. An authenticator app generates time-based codes locally on your device, so a SIM swap does not compromise it. For the highest-value accounts — crypto exchanges, investment platforms, primary email — consider a physical security key such as a YubiKey, which is immune to both SIM swapping and phishing.
Scammers often gather the personal information needed for a SIM swap from data breaches, social media, and phishing emails. Minimise your public-facing personal details, and be suspicious of unexpected calls or texts from your carrier asking you to confirm account information.
Common red flags
- Your phone suddenly loses all signal while others nearby have service
- Carrier sends a SIM-change or port-out confirmation you did not initiate
- You stop receiving calls and SMS messages unexpectedly
- Login alerts or password-reset emails arrive in quick succession
- Caller claiming to be carrier support asks for your account PIN or last four of SSN
- Unexpected two-factor codes arriving when you are not trying to log in anywhere
What to do now
- Call your carrier today and add a SIM-lock PIN or port-out restriction
- Switch 2FA on banking, email, and crypto accounts to an authenticator app
- Set a strong unique password on your carrier account, separate from other passwords
- If you already suspect a swap has occurred, call your carrier immediately to reclaim your number
- Change passwords and revoke sessions on any accounts that use your number for recovery
- File a report with the FTC and FBI IC3 if accounts were accessed
Frequently asked questions
How do I know if a SIM swap has already happened?
The clearest sign is that your phone loses service — calls go straight to voicemail and texts stop arriving — while those around you have normal signal. You may also receive a burst of account-activity notifications just before or after the signal drops.
Will a SIM lock completely prevent a swap?
A SIM-lock PIN significantly raises the bar, but determined attackers have bypassed them through social engineering of carrier staff. Combining a PIN with app-based 2FA on important accounts gives layered protection.
Is a SIM swap the same as phone cloning?
No. Phone cloning copies a physical device's identity through technical means and is rare today. SIM swapping is a social-engineering attack on the carrier that reassigns your phone number — no physical access to your device is needed.