SIM Swap Protection

Preventing attackers from hijacking your phone number.

What is SIM Swapping?

SIM swapping (or SIM hijacking) is a type of account takeover fraud where an attacker convinces your mobile phone carrier to transfer your phone number from your legitimate SIM card to a SIM card controlled by the attacker. Once they control your number, they can intercept calls and text messages, including SMS-based Multi-Factor Authentication (MFA) codes, potentially gaining access to your sensitive accounts (email, banking, social media, crypto).

How SIM Swapping Happens

Attackers typically use one or more of these methods:

Social Engineering

The most common method. Attackers gather personal information about you (often from data breaches or social media) and use it to impersonate you when contacting your mobile carrier's customer support. They might claim your phone/SIM was lost or damaged and request activation on a new SIM card they possess.

Insider Threats

A corrupt employee at the mobile carrier might be bribed or coerced into performing the unauthorized SIM swap.

Carrier Account Takeover

If an attacker gains access to your online mobile carrier account (through phishing, weak passwords, or data breaches), they might be able to initiate a SIM swap directly through the account portal.

Protection Measures

Protecting yourself requires layers of defense:

Set a Strong PIN/Passcode with Your Carrier

Contact your mobile carrier (or check their online portal/app) and set up a unique account PIN or passcode. This PIN should be required by customer service before making significant account changes like porting a number or swapping a SIM. Do *not* reuse common PINs or easily guessable information.

Enable Port-Out/Number Lock Protection

Many carriers offer specific features to prevent your number from being transferred (ported) to another carrier or swapped to a new SIM without additional verification or authorization. Ask your carrier specifically about "Port Protection," "Number Lock," or similar features and enable them.

SIM Protection Checklist

  • Set up a strong PIN/passcode with your mobile carrier
  • Enable port-out protection or number lock features
  • Use app-based 2FA instead of SMS where possible
  • Monitor account activity for unauthorized changes