What is SIM swapping and how do I prevent it?
SIM swapping is when a fraudster convinces your mobile carrier to transfer your phone number to a SIM they control, giving them your calls and texts including banking OTPs; prevention centres on a carrier SIM-lock PIN and switching to authenticator-app 2FA.
Last reviewed: 10 June 2026
Explanation
SIM swapping exploits the carrier's account recovery process. When a customer reports a lost or damaged phone, a carrier employee will transfer the customer's number to a new SIM. Scammers call carriers pretending to be the account holder, armed with personal details gathered from data breaches, social media, or phishing. If they convince the agent to perform the swap, they gain control of the victim's phone number.
With the number under their control, the attacker receives all calls and SMS messages, including the one-time passcodes that banks and other services send for login verification or transaction approval. Combined with passwords obtained through phishing or credential stuffing, this defeats SMS-based two-factor authentication.
The window between the swap and the victim realising their service is gone can be as little as a few hours — time for an attacker to access banking, email, and other accounts, change recovery details, and initiate transfers.
Carrier-side prevention: ask your carrier to add a SIM-lock PIN, verbal password, or port-freeze flag to your account. This means any future SIM change request — legitimate or fraudulent — requires providing this code. In some countries, number portability regulations also allow you to request a number-port lock with your carrier.
Account-side prevention: switch every account from SMS-based 2FA to an authenticator app or hardware key. A SIM swap cannot intercept TOTP codes generated on a physical device the attacker doesn't have.
Common red flags
- Your phone loses service and shows 'No service' or 'SIM not registered' unexpectedly
- You stop receiving texts and calls with no explanation
- Your carrier sends an email or text confirming a SIM change you didn't request
- OTP codes start arriving for accounts you weren't accessing
- You are locked out of accounts minutes after losing phone service
What to do now
- Call your carrier and add a SIM-lock PIN or verbal security code to your account today
- Ask your carrier about a 'port freeze' or 'number lock' feature if available
- Switch all SMS-based 2FA accounts to authenticator apps or hardware security keys
- Set up login notifications on your key accounts so you are alerted to any access
- If a swap happens, call your carrier's fraud line immediately for an emergency port reversal
- Change passwords for key accounts from a different device if a swap is suspected
Frequently asked questions
Are some carriers better at preventing SIM swaps than others?
Yes — carriers vary significantly in their identity verification requirements for SIM changes. Research your specific carrier's security options and escalate if you are unhappy with the protections offered.
I have a SIM-lock PIN — am I now protected from SIM swapping?
A SIM-lock PIN is a strong deterrent and significantly raises the bar for an attacker. It is not infallible — a social engineering attempt that bypasses the PIN check is possible but much harder. Combine it with authenticator-app 2FA for defence in depth.