Jump to content

SIM Swap Scams: How to Protect Yourself

David H. Lipman

Recommended Posts

SIM Swap Scams: How to Protect Yourself



If your cell phone is your go-to device for checking your email, paying your bills, or posting to social media, you’re not alone. So imagine that your cell phone suddenly stops working: no data, no text messages, no phone calls. Then picture getting an unexpected notification from your cellular provider that your SIM card has been activated on a new device. What’s going on? These could be signs that a scammer has pulled a SIM card swap to hijack your cell phone number.

So how do scammers pull off a SIM card swap like this? They may call your cell phone service provider and say your phone was lost or damaged. Then they ask the provider to activate a new SIM card connected to your phone number on a new phone — a phone they own. If your provider believes the bogus story and activates the new SIM card, the scammer — not you — will get all your text messages, calls, and data on the new phone.

The scammer — who now has control of your number — could open new cellular accounts in your name or buy new phones using your information.

Or they could log in to your accounts that use text messages as a form of multi-factor authentication. How? Because they’ll get a text message with the verification code they need to log in.

Multi-factor authentication (MFA) can provide extra account protection by requiring two or more credentials to log in. Besides your password, you’ll need a second credential to verify your identity. That could be something you have — like a passcode you get via text message, a security key, or an authentication app. Or something you are — like a scan of your fingerprint, your retina, or your face.

Armed with your log in credentials, the scammer could log in to your bank account and steal your money, or take over your email or social media accounts. And they could change the passwords and lock you out of your accounts.

Here’s what you can do to protect yourself from a SIM card swap attack:

  • Don’t reply to calls, emails, or text messages that request personal information. These could be phishing attempts by scammers looking to get personal information to access your cellular, bank, credit or other accounts. If you get a request for your account or personal information, contact the company using a phone number or website you know is real.
  • Limit the personal information you share online. If possible, avoid posting your full name, address, or phone number on public sites. An identity thief could find that information and use it to answer the security questions required to verify your identity and log in to your accounts.
  • Set up a PIN or password on your cellular account. This could help protect your account from unauthorized changes. Check your provider’s website for information on how to do this.
  • Consider using stronger authentication on accounts with sensitive personal or financial information. If you do use MFA, keep in mind that text message verification may not stop a SIM card swap. If you’re concerned about SIM card swapping, use an authentication app or a security key.

If you’re the target of a SIM swap scam

  • Contact your cellular service provider immediately to take back control of your phone number. After you re-gain access to your phone number, change your account passwords.
  • Check your credit card, bank, and other financial accounts for unauthorized charges or changes. If you see any, report them to the company or institution.

If you think a scammer has your information — like your Social Security, credit card, or bank account number — go to IdentityTheft.gov to see the specific steps to take.



SIM Swapping

Stay a step ahead of the scammers. Educate yourself on some of the most common frauds and scams.


What is a SIM swap?

SIM swapping, sometimes called a SIM hijacking attack, occurs when the device tied to a customer’s phone number is fraudulently manipulated. Fraudsters usually employ SIM swapping as a way to receive one-time security codes from banks, cryptocurrency exchanges, and other financial institutions.

How does SIM swapping work?

Fraudsters typically perpetuate SIM hijacks after a customer’s personal information has been obtained via phishing attacks or by purchasing compromised account credentials through dark web marketplaces. Victims of hijacking attacks frequently have their email accounts compromised prior to the SIM change, allowing fraudsters to intercept communications from providers like Verizon. Phishing occurs when criminals send fraudulent requests for personal information to victims, usually posing as a company or government agency.

How to report a SIM swap scam.

If you received a message from Verizon advising that your device was changed and you did not make this request, contact us immediately by dialing *611. This is an airtime-free call and will work even if your device has been deactivated. You can also call us by dialing 1-800-922-0204 from any phone.

How to protect against SIM swap.

Preventing SIM swapping starts with guarding your personal information from hackers. Protect your account by following these best practices for security:

Use strong and unique passwords. Each of your online accounts should have a strong and unique password or passphrase. Resist the temptation to reuse passwords, especially between social media and financial accounts. Always enable two-factor authentication wherever it’s available.  Use a password manager to create and manage complex passwords.

Be suspicious of unsolicited texts, e-mails, and calls, especially those urging you to act immediately and provide personal details. Verizon will never contact you to request any password, PIN, social security number, or payment information.  If you receive a suspicious text message claiming to be from Verizon, please forward it to us right away at S-P-A-M (7726), then delete it.

Give your online security posture an upgrade. If you have been the victim of a SIM hijacking attempt, you should change the passwords for services like your online banking and e-mail immediately.  Use the “security dashboard” of your e-mail provider to look for any suspicious logins from computers or locations you don’t know.  Change your passwords on a regular basis and review your credit report often to check for any unauthorized accounts or inquiries. Review Verizon’s tips for preventing phishing attacks.




  • Like 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.