How To Recover After a SIM-Swap Attack

First 10 minutes

1. Call your mobile carrier using a different phone or online chat and report an unauthorised SIM or number port
2. Ask them to freeze your account and reverse any changes made in the last 24 hours
3. Call your bank directly and tell them your phone number may be compromised
4. Ask your bank to temporarily disable SMS-based two-factor authentication on your account
5. Change your email password from a device not linked to the compromised phone number

First 24 hours

1. Change passwords for banking, email, and any account that uses SMS-based verification
2. Switch all critical accounts to app-based two-factor authentication (e.g. an authenticator app)
3. Report the SIM-swap to your national cybercrime unit and file a police report

Contact your bank or payment provider

1. Alert your bank to the potential SIM-swap immediately — some banks have specific SIM-swap fraud protocols
2. Ask to review all recent transactions and flag any you do not recognise
3. Discuss adding a verbal passcode or branch-visit requirement for high-value transactions

Evidence to preserve

• ☑Ask your carrier for a full log of account changes and note the time the SIM or port occurred
• ☑Check your bank and email accounts for any logins or transactions around the same time
• ☑Keep records of all calls with your carrier

Secure your accounts and devices

• Replace SMS-based 2FA with an authenticator app on all critical accounts
• Add a carrier-level PIN or security phrase to prevent future SIM changes
• Review all accounts that send one-time codes to your phone number

Report it

1. Report to your national fraud/cybercrime service
2. Report to the platform, bank, or provider involved
3. Keep any reference numbers you're given

Frequently asked questions

Sources

• FTC Consumer Advice — Scams
• UK Action Fraud