What is SIM swapping?
SIM swapping is a type of account takeover where a fraudster convinces your mobile carrier to transfer your phone number to a SIM card they control, giving them access to all SMS-based two-factor authentication codes sent to your number.
Last reviewed: 10 June 2026
Explanation
Your phone number has become a master key for online security. When you forget a password, your bank texts you. When you log in to email, a code goes to your phone. SIM swapping hijacks that key by exploiting the process carriers use to move a number to a new SIM — for example, when you get a new phone.
Attackers gather personal information about you from data breaches, social media, or phishing. Armed with enough of your details, they call your carrier and impersonate you, claiming to have a new SIM and needing the number ported. Some attacks involve bribing or socially engineering carrier store employees. Once the swap goes through, your phone loses signal and the attacker starts receiving your calls and texts.
Within minutes they can reset passwords on your email, then your bank accounts, crypto wallets, and anything else linked to that number. The attack window before detection can be small but the damage enormous.
Protecting yourself means reducing your reliance on SMS-based 2FA. Switch to authenticator apps (like Google Authenticator or Authy) or hardware security keys for critical accounts. Also set a PIN or passcode with your mobile carrier that must be provided before any SIM change.
Common red flags
- Your phone suddenly loses all signal or shows 'No Service' unexpectedly
- You can no longer make or receive calls or texts
- You receive emails about account changes or password resets you did not initiate
- Your carrier account shows a recent SIM change you did not authorise
- Login alerts appear for services you use, from unfamiliar locations
What to do now
- Call your carrier immediately from another phone or visit a store to reclaim your number
- Change passwords on email, banking, and crypto accounts using a device not linked to your phone number
- Switch all critical accounts from SMS 2FA to an authenticator app or hardware key
- Set a SIM-lock PIN with your carrier to require it for any future number transfer
- Report the fraud to police and your carrier's fraud team
- Contact your bank if any financial accounts may have been accessed
Frequently asked questions
How do I stop a SIM swap from happening to me?
Set a SIM-lock or account PIN with your carrier. Reduce use of SMS-based 2FA in favour of authenticator apps or hardware keys. Minimise the personal information you share publicly online that could be used to impersonate you.
Can SIM swapping be used to steal cryptocurrency?
Yes — this is a primary motivation. Crypto wallets and exchange accounts that use SMS-based 2FA are particularly vulnerable. Hardware wallets and non-SMS 2FA are essential safeguards for significant crypto holdings.