SIM Swapping: How It Works & How to Avoid It
A SIM swap attack is a newer type of fraud that utilizes social engineering to hijack your phone number. Learn how SIM swapping works and how to avoid it.
SIM swapping lets attackers hijack your phone number to access accounts and bypass 2FA.
They use phishing, data breaches, or insider help to trick carriers into switching your SIM.
Signs include lost service, account lockouts, and unauthorized transactions.
Protect yourself with carrier PINs, eSIMs, app-based 2FA, and quick response to suspicious activity.
What is SIM swapping?
SIM swapping is a type of identity theft where a scammer tricks a mobile carrier into transferring a victim’s phone number to a SIM card the attacker controls. Once they have control of the number, they can intercept calls and text messages, including two-factor authentication codes sent via SMS, giving them access to sensitive accounts like email, banking, or cryptocurrency wallets.
This attack often begins with social engineering, where the scammer gathers personal information about the victim to convince the carrier’s customer service to make the switch.
Read next: Common Bitcoin Scams
What is a SIM?
A SIM (Subscriber Identity Module) card is a small chip from your mobile carrier that links your phone number to your device. You can move it to another phone to transfer your number and service, and sometimes also transfer stored data like contacts.
How does SIM swapping work?
SIM swapping is a multi-step process that relies on both technical loopholes and social engineering. Here’s how it typically unfolds:
Information gathering: The attacker collects personal details about the victim, such as full name, phone number, address, Social Security number, or answers to security questions. This data can come from phishing emails, data breaches, or even public social media profiles.
Contacting the mobile carrier: Using the stolen information, the attacker contacts the victim’s mobile provider, pretending to be the account holder. They request a SIM card transfer, claiming the phone was lost or upgraded.
Convincing customer support: If the carrier’s customer service accepts the fake identity, often because the attacker has accurate enough details, they authorize the SIM swap. The victim’s phone loses service, and the attacker’s SIM now receives all calls and texts meant for the victim.
Gaining account access: With control of the victim’s phone number, the attacker can reset passwords for email, banking, and other accounts that use SMS-based two-factor authentication. They receive the verification codes directly to their device.
Taking over accounts or stealing funds: Once inside, attackers may lock out the real user, steal funds, access sensitive information, or sell the compromised accounts on the dark web.
This is why relying solely on SMS for two-factor authentication can be risky; once someone has your number, they have the keys to many of your digital doors.
Read next: How to Avoid Crypto Scams
How do hackers get your information?
Hackers often use social engineering to trick people into revealing personal details. They gather information through methods like phishing (especially smishing, or SMS-based scams), spyware, data breaches, and data brokers. In some cases, they may even collaborate with an insider at a mobile carrier to complete a SIM swap.
To convince a carrier to transfer a number to a new SIM, attackers usually collect the following types of information:
Account credentials: Passwords, PINs, and answers to security questions
One-time passcodes (OTPs): Temporary codes often used for verification
Financial info: Credit card details, especially the last four digits and security code
Device info: IMEI and SIM card numbers (ICCID)
Personal info: Full name, billing address, date of birth, and email address
Call logs: Recent calls or numbers you've dialed
Carriers have varying security requirements, but with enough accurate details, scammers can often bypass protections and hijack your number.
Read next: How to Report Stolen Crypto
Examples of SIM swap attacks
Here are several real-world examples of SIM swap attacks, including crypto-related incidents and broader fraud cases:
SEC’s X account attack: Hackers gained control of the U.S. SEC’s X (formerly Twitter) account by SIM-swapping the phone number tied to it. They falsely announced approval of a Bitcoin ETF, briefly spiking BTC's price by ~10%. The SEC later confirmed 2FA had been disabled months prior.
Michael Terpin attack: Crypto investor Michael Terpin lost $24 million after attackers hijacked his phone number and accessed his wallets. He sued AT&T for negligence but ultimately lost the case.
Joel Ortiz SIM swap ring: College student Joel Ortiz led a group that stole over $7.5 million in crypto by bypassing 2FA through SIM swapping. He was sentenced to 10 years in prison, marking a landmark conviction in SIM-swap crimes.
French bank insider fraud: An intern at Société Générale leaked client data to scammers who then executed SIM swaps, draining over €1 million from 50 victims. The attack relied heavily on insider access and bypassing SMS-based security.
California elder fraud case: A scammer in San Fernando Valley used SIM swaps and stolen personal data to access accounts belonging to mostly elderly victims, stealing more than $1.8 million. He received a multi-year prison sentence.
What are the signs of a SIM swap attack?
Recognizing the early signs of a SIM swap attack can help you act quickly and minimize the damage:
Sudden loss of mobile service: If you can't send texts, make calls, or use mobile data while others on the same carrier have no issues, your number may have been transferred to another SIM, possibly by a scammer.
Suspicious carrier or device alerts: Notifications about a new device activation or unexpected account activity from your mobile provider could indicate a SIM swap is in progress or has already occurred.
Locked out of your accounts: If your passwords are suddenly changed or your logins are blocked, attackers may have used your hijacked number to take over your accounts. This is a critical red flag.
Unfamiliar transactions: Receiving alerts for financial activity you didn’t authorize, especially following a service disruption, strongly suggests your phone number was used in a SIM-swapping scam.
Read next: Crypto Phishing Scams
How to prevent SIM swap attacks
While SIM swap scams can be highly damaging, there are several effective steps you can take to reduce your risk and better protect your digital identity:
1. Add extra protection with your carrier
Contact your mobile provider and ask about SIM swap protection options. Many carriers offer additional security measures, such as:
Account PINs or passwords that must be provided before any number transfer
Number Transfer PINs, which are required to port your number to a new SIM
SIM lock features, which make unauthorized changes more difficult
2. Use eSIM Technology
eSIMs (embedded SIMs) are built into your phone and can’t be physically removed or swapped. Because there’s no physical card to steal or clone, using an eSIM adds a layer of security against SIM swap attempts.
3. Strengthen account security
Enable 2FA using an authenticator app or biometric login, rather than SMS-based codes, which can be intercepted in a SIM swap attack
Use a password manager to generate and store strong, unique passwords for all accounts
Set up account alerts so you’re notified of any unusual activity or login attempts
4. Limit personal info exposure
Scammers often use personal information found online to impersonate you. Avoid posting details like your birthday, phone number, or address on social media. Also, ignore unsolicited messages asking for sensitive data, especially those claiming to be from banks, telecom companies, or government agencies.
5. Use Antivirus and Keep Devices Secure
Install antivirus software on your phone and computer to detect spyware or malware that could leak your information. Regular scans and cautious file downloads help prevent background surveillance by attackers.
6. Set or update your SIM PIN
A SIM PIN requires a code to access or change SIM settings. You can usually find this option in your phone’s security settings. Just make sure to choose a strong PIN and avoid the default one provided by your carrier.
7. Act fast if you suspect a SIM swap
If you suddenly lose service or notice suspicious activity:
Immediately contact your carrier to report the issue and regain control of your number
Notify your bank or crypto exchange to freeze or secure your financial accounts
Reset passwords and disable 2FA, then re-enable it with updated settings
Koinly can help calculate crypto losses
If you have crypto losses from a SIM swap attack that you’re unable to recover, you may be able to at least claim these as a loss in your tax bill. Koinly can help you calculate any losses, including from theft, and easily report your crypto to your tax office. Learn more in our guide on how to report stolen cryptocurrency on taxes, or try Koinly free today.