A SIM swap (or SIM jacking) occurs when a criminal contacts your mobile network operator and impersonates you to transfer your phone number to a SIM card in their possession. Once successful, all calls and text messages intended for your phone route to their device instead.
This matters because many services use SMS-based two-factor authentication (2FA). By controlling your phone number, attackers can intercept the one-time passwords (OTPs) sent to verify logins, reset passwords, and access sensitive accounts. Email, banking, cryptocurrency wallets, and social media are common targets.
Why it works: social engineers exploit publicly available information (name, address, date of birth) combined with poor verification procedures at phone networks. Staff may not adequately validate caller identity before authorising transfers.
Common warning signs include:
- Sudden loss of mobile signal
- SMS and calls not reaching your phone
- Unexpected password reset emails
- Account notifications you didn't trigger
- Difficulty contacting your network operator
Protection steps:
- Add a PIN or passcode to your account with your mobile operator, making verbal authorisation harder
- Switch away from SMS-based 2FA where possible, using authenticator apps (Google Authenticator, Microsoft Authenticator) or hardware security keys instead
- Reduce personal information publicly available on social media
- Register important accounts with security keys as your primary 2FA method
- Contact your mobile operator immediately if you suspect suspicious activity
SIM swaps represent a real threat to high-value targets but remain preventable through proper account security measures and using authentication methods that don't rely on phone number ownership.