What is a SIM swap attack?

It's when a criminal transfers your phone number to a SIM card they control, usually by impersonating you to your carrier, so they can intercept your calls and verification codes.

How do I prevent SIM swapping?

Set a carrier PIN or passcode, use authenticator apps or hardware keys instead of SMS codes, secure your email, and limit how much personal information about you is publicly available.

How do I know if I've been SIM swapped?

The clearest sign is your phone suddenly losing all service in a normal coverage area, often alongside unexpected account lockouts or password-reset alerts.

SIM Swapping: How It Works and How to Protect Yourself

Your phone number has quietly become a master key. It receives the verification codes that unlock your email, bank and social accounts. SIM swapping is the attack that turns that convenience against you: a criminal convinces your carrier to move your number to their device, then uses it to seize control of your digital life. It's one of the most damaging phone-based attacks, and understanding it is the best defense.

What is SIM swapping?

SIM swapping — also called SIM hijacking or a port-out scam — is when an attacker transfers your phone number from your SIM card to one they control. Once the number is theirs, every call and text meant for you, including one-time security codes, goes to them instead. Your own phone typically loses service, often the first sign that something is wrong.

How attackers pull it off

SIM swapping relies on social engineering more than technical hacking. The attacker gathers personal details about you — often from data breaches, social media or phishing — then contacts your carrier impersonating you. Claiming a lost or damaged phone, they request that your number be activated on a new SIM. If the carrier's identity checks are weak or the attacker has enough of your information, the swap succeeds.

Why your phone number is so valuable

The reason this attack is so lucrative is our widespread reliance on text-message verification. Many services send a one-time code by SMS to confirm your identity. If a criminal controls your number, they can request these codes and reset passwords for email, banking, cryptocurrency and social accounts. Email is especially critical, because controlling it often lets them reset everything else.

Whoever controls your phone number can often control the codes that protect your most important accounts. That's why guarding the number itself matters so much.

Warning signs of a SIM swap

Speed matters, so recognize the signals early:

Your phone suddenly loses all signal and can't make calls or texts in a normal coverage area.
You receive unexpected notifications about a SIM change or number transfer.
You're locked out of accounts, or get alerts about password resets you didn't request.
Friends report messages from you that you never sent.

If your phone unexpectedly goes dead and you can't restore service, treat it as a possible SIM swap and act immediately.

How to protect yourself

Several concrete steps dramatically reduce your risk:

Add a carrier PIN or passcode. Most carriers let you set a secret code required for any account changes — this is the single best defense.
Use app-based or hardware authentication. Prefer authenticator apps or security keys over SMS codes for two-factor authentication wherever possible.
Lock down your email. Protect your primary email with the strongest available authentication, since it's the gateway to other accounts.
Limit personal data exposure. The less attackers can learn about you, the harder impersonation becomes.
Be alert to phishing. Don't hand over personal details in response to unsolicited calls, texts or emails.

What to do if you're hit

If you suspect a SIM swap, act fast. Contact your carrier immediately from another phone to regain control of your number and lock the account. Then secure your most important accounts in order of sensitivity — email first, then financial accounts — by changing passwords and reviewing recent activity. Report the incident to your bank and to relevant authorities, and enable stronger, non-SMS authentication once you're back in control. The faster you move, the less damage an attacker can do.

The bigger lesson

SIM swapping exposes a deeper truth: a phone number is an identity asset worth protecting like a password. Treat requests for account changes with suspicion, prefer authentication methods that don't depend on SMS, and set that carrier PIN today. A few minutes of preparation can prevent a catastrophe.

Recognizing a SIM swap in progress

SIM-swap attacks often reveal themselves through a sudden, unexplained loss of mobile service. If your phone abruptly shows 'no service' or 'SOS only' in a place where it normally works fine — and especially if it happens right after a suspicious call or message — treat it as a possible attack rather than a glitch. The attacker has potentially convinced your carrier to move your number to their device, cutting yours off in the process.

Speed matters enormously here. The window between a successful SIM swap and the attacker draining accounts can be very short, because they immediately use your number to intercept verification codes and reset passwords. The moment you suspect a swap, contact your carrier through another line to lock the account, then secure your most sensitive accounts — email and banking first — from a device you control.

Hardening your accounts in advance

The strongest protection is preparation. Add a PIN or passcode to your mobile carrier account so no one can authorize a SIM change without it. Move your important accounts off SMS-based verification and onto an authenticator app or hardware key, since app-based codes can't be intercepted by a SIM swap. And keep your recovery email itself locked down with strong, app-based two-factor authentication, because it's often the master key an attacker is really after.

Why your phone number became a target

SIM swapping is ultimately an attack on the assumption that controlling a phone number proves identity. For years, services have used your number as a convenient way to verify you and recover accounts — which means seizing the number can unlock a startling amount of your digital life. Understanding this is empowering: it tells you exactly where to focus, namely reducing how much your security depends on a phone number that someone else might steal.

A SIM-swap defense checklist

Because SIM-swap attacks move fast, your defenses should be set up well in advance. Add a PIN or passcode to your mobile carrier account so no one can authorize a number transfer without it. Move your most sensitive accounts — email and banking first — off SMS verification and onto an authenticator app or hardware key. Lock down your recovery email with strong, app-based two-factor authentication. And know the warning sign: a sudden, unexplained loss of mobile service may mean your number has been moved to someone else's device.

If you ever spot that warning sign, act immediately. Use another line to contact your carrier and lock the account, then secure your email and financial accounts from a device you control. The speed of your response is what limits the damage, because the attacker's window for intercepting codes and resetting passwords is short. Preparation plus a fast reaction is what defeats an attack built entirely on hijacking your phone number.

Key takeaway

SIM swapping moves your phone number to a criminal's device so they can intercept verification codes and hijack your accounts. Protect yourself with a carrier PIN, app-based or hardware two-factor authentication instead of SMS, a locked-down email account, and minimal personal-data exposure. If your phone suddenly loses service, act immediately.