ScamChecker.online·Last verified June 2026·Active·5 min read
In a nutshell
A SIM swap moves your phone number to a SIM card the criminal controls - without touching your phone.
Every account using text-message codes for verification is immediately at risk.
Your phone going dead is the first sign. Password-reset emails and drained accounts follow fast.
If you suspect it's happening, call your carrier from a different phone right now.
Our verdict
SIM swap attacks are real and well-documented. The FBI's IC3 received 982 complaints in 2024 with $25.9 million in reported losses.1Those figures significantly undercount actual cases - most victims report the result (drained accounts, identity theft) rather than the mechanism. The attack requires no action on your part.
Advertisement728×90 · Replace with AdSense unit
Does this sound familiar?
Your phone suddenly lost all signal - no calls, no texts, no data. You assumed it was a network glitch. Then password-reset emails started arriving, accounts asked you to verify a new device, and a carrier notification mentioned a SIM change you never made.
Below are reconstructed illustrations of what a victim typically experiences. The attacker's side is invisible to you - your only warning is the phone going dark. (Illustrations, not real screenshots. All names and numbers are fictional.)
No Service🔋 48%
14:38
Wednesday, June 11
Mobile Network Unavailable
Your SIM card does not have an active connection. Contact your carrier.
The first sign is total loss of service. You can't call or text to investigate - the number no longer belongs to your SIM.
C
Carrier Alert
+1 (555) 800-0100
Text Message · 14:39
Your SIM card has been updated and your number transferred to a new device. If you did not request this change, call 555-800-0100 immediately.
Your carrier may send a confirmation text - but it goes to the attacker's phone now, not yours. By the time you find out, they're already in your accounts.
B
First National Bank
Short Code 27373
Text Message · 14:41
Your one-time verification code is:
847291
This code expires in 10 minutes. Do not share it.
OTP codes sent to "your number" now go to the attacker's device. They can reset passwords and log into every account tied to that number.
This attack is also called SIM hijacking, SIM jacking, or a SIM porting attack - different names for the same mechanism: your phone number is moved without your knowledge or consent.
How it works
The attack runs in four phases. Most victims don't know it's happening until phase three - when the phone goes dead. (Screen examples below are illustrative reconstructions.)
1
Reconnaissance - collecting your details
The attacker assembles your personal information before making any call. They buy data from breaches that include names, addresses, and partial SSNs. They mine social media for your date of birth, employer, and hometown. Sometimes they first run a targeted phishing attack against your carrier account to harvest your login credentials directly. The goal is to gather enough to pass your carrier's identity verification check.
Data assembled before the call
Full name✓ confirmed
Date of birth✓ confirmed
Billing address✓ confirmed
Account PIN / last 4 SSN⚠ trying
2
The carrier call - impersonating you
The attacker calls your mobile carrier's customer service line, claims to be you, and says they've lost or damaged their phone and need to activate a new SIM. They provide your stolen details to pass identity verification. Carrier staff must balance security with customer service - and when the attacker has enough genuine data, the check can succeed. The call typically takes 10-20 minutes.
What the attacker tells carrier support
"Hi, I lost my phone and need to activate a replacement SIM. My name is [your name], account number [your number], date of birth [your DOB], billing address [your address]."
Carrier staff are not infallible. Enough stolen data gets through.
3
Your phone goes dead instantly
The moment the carrier completes the swap, your phone loses all connectivity - calls, texts, and data simultaneously. The attacker's SIM is now active on your number. You may assume it's a network outage. Meanwhile, the attacker begins receiving every SMS sent to your number, including one-time codes from banks, email providers, and crypto exchanges.
No Service🔋
14:38
Wednesday
No Service
Your phone number is no longer active on this device.
This is the moment. From here, every SMS OTP goes to the attacker.
4
Account draining - the attacker moves fast
Speed is critical. The attacker immediately requests password resets on email, bank accounts, brokerage accounts, and cryptocurrency wallets - all delivered as SMS codes to their phone. Most attackers cycle through a target list within 15-30 minutes, before you notice something is wrong. Crypto and brokerage transfers are typically irreversible. Bank account fraud can sometimes be disputed if reported within hours. The same technique is also used to take over social media accounts, which are then sold or used for further fraud.
📧 Email accountReset ✓
🏦 Bank accountReset ✓
₿ Crypto walletDrained ✓
📲 Social accountsTaken ✓
This can all happen before you notice your phone has lost service.
Remember
SMS text messages are the weakest form of two-factor authentication.
Caller ID showing your carrier's name proves nothing - it can be spoofed.
An authenticator app is not vulnerable to SIM swap - switch now, before it happens.
A phone number as a security method creates a single point of failure.
Red flags and warning signs
Several of these at once, especially in a short window, is a strong indicator.
Phone loses all service suddenly
No calls, no texts, no data - all at once. Not a signal issue. The number is no longer on your SIM.
Password-reset emails you didn't request
Multiple accounts sending reset requests in a short window means the attacker is cycling through their target list.
Carrier notification about a SIM or account change
Check your email even when your phone is dead - carriers often send a confirmation to your address on file.
OTP codes never arrive - or were already used
If a login code says it was already used, or simply doesn't arrive, it went to the attacker's phone.
Friends report unusual messages from your number
The attacker may use your number to message your contacts. People in your phone book can notice before you do.
Unfamiliar transactions on bank or crypto accounts
By the time you spot these, the attack may have been running for an hour. Act immediately.
Think you've been SIM swapped? Do this now.
If you're in this situation right now
Act in the first hour - speed matters
Some losses can be stopped or reversed if you move quickly. Every minute of delay gives the attacker more time.
1
Call your carrier immediately from a different phoneTell them you believe your SIM has been swapped without your authorization. Ask them to reverse it and add a SIM lock or port freeze. Use a friend's phone, a landline, or your carrier's web chat via Wi-Fi.
2
Change your email password first - on a different deviceEmail is the master key. Every "forgot password" link goes to your inbox. Secure email before anything else, and remove your compromised phone number as the recovery method.
3
Contact your bank and crypto exchanges immediatelyCall the fraud line and tell them your phone number was compromised. Ask them to flag suspicious transactions and temporarily freeze outgoing transfers. For crypto, request an account freeze while you regain access.
4
Switch every important account from SMS to an authenticator appOnce you've regained access, remove your phone number as a 2FA method. Replace it with Google Authenticator, Authy, or a similar app. These generate codes on your device and are not affected by SIM swap.
5
Place a credit freeze with all three bureausA SIM swap often precedes identity theft. The attacker may try to open credit accounts in your name. Freeze your credit with Equifax, Experian, and TransUnion to block new account applications.
6
Report it - and ignore any follow-up "recovery" offersFile with the FBI's IC3 at ic3.gov and the FTC at reportfraud.ftc.gov. If anyone later contacts you offering to recover your lost funds, that is almost certainly a money recovery scam - a second fraud targeting people who've just been victimized.
Also file a complaint directly with your carrier's fraud department - they are responsible for the unauthorized SIM swap and may be required to investigate.
SIM swap reporting is complicated by how victims document attacks. The mechanism - the carrier call - is rarely what gets reported. Victims file under account takeover, cryptocurrency theft, or identity fraud. That makes official complaint totals a severe undercount.
982
SIM swap complaints to the FBI's IC3 in 2024, with $25.9 million in reported losses1
$72.6M
Reported losses at the 2022 peak - 2,026 complaints, up from 320 complaints over the entire 2018-2020 period1
1,055%
Surge in unauthorized SIM swaps reported in the UK in 2024, per Cifas - showing the pattern is growing internationally2
240%
Increase in Australians seeking help after SIM swap attacks in 2024, per IDCARE2
The decline in US-reported losses from 2022 to 2024 doesn't mean the attack is declining. As carriers improved SIM swap detection, attackers shifted toward targeting cryptocurrency holders specifically - where a single successful swap can net far more than a bank account. Those losses are filed under cryptocurrency fraud rather than SIM swap, understating the real scale. Protecting yourself before an attack happens: set a SIM lock PIN with your carrier, move key accounts to an authenticator app, and reduce how much personal detail is publicly visible on social media.
Frequently asked questions
How do I know if my phone has been SIM swapped?
The clearest sign is your phone suddenly losing all service - calls, texts, and data - for no obvious reason. You may also receive unexpected password-reset emails, find you can't log into accounts that used SMS for verification, or get a notification from your carrier about a SIM change you didn't request.
What should I do immediately if I think I've been SIM swapped?
Call your carrier immediately from a different phone and ask them to reverse the SIM swap and lock your account. Then change your email password first - email is the master key to every other account. Move all important accounts off SMS two-factor authentication and onto an authenticator app. Contact your bank and any crypto exchanges to flag and freeze unauthorized activity.
Can I get my money back after a SIM swap attack?
Recovery depends on how quickly you act and what was taken. Bank fraud departments can sometimes reverse unauthorized transactions, especially if reported within 24-48 hours. Cryptocurrency transfers are essentially irreversible. Report to the FBI's IC3 at ic3.gov and the FTC at reportfraud.ftc.gov.
Does using an authenticator app instead of SMS protect me from SIM swap?
Yes - significantly. Authenticator apps like Google Authenticator or Authy generate codes on your device, not via your phone number. A SIM swap gives the attacker no access to those codes. Switching important accounts from SMS-based 2FA to an authenticator app is the single most effective defense against this attack.
How do criminals get my personal details to impersonate me to my carrier?
Most attackers buy stolen data from previous breaches, which often contains names, addresses, account numbers, and partial SSNs. They also mine social media for dates of birth and employers, and sometimes run targeted phishing attacks to harvest carrier login credentials directly.
Cifas (UK fraud prevention service) and IDCARE (Australia/New Zealand), as cited in SIM swap fraud statistics reporting, 2024-2025 data. International figures. Classified as illustrative rather than government-primary because both are industry/nonprofit bodies rather than government agencies.
Researched and maintained by ScamChecker.online
We document recurring online scam patterns using primary sources - government agencies, law enforcement, and security researchers. We do not accuse named businesses, and ads on this page do not influence our reporting. Read about how we research or who we are.
Last verified: June 2026·Reviewed against FBI IC3 2024 data