SIM Swap Attack: How Criminals Hijack Your Phone Number and How to Stop Them
Learn how SIM swap and eSIM hijacking attacks work, the warning signs to watch for, and how to protect your bank accounts and online identities.
SIM Swap Attack: How Criminals Hijack Your Phone Number and How to Stop Them
Your phone suddenly shows "No Service." No calls, no texts — just dead air. You assume it's a network issue. Hours later, you discover thousands of dollars have been drained from your bank account. Welcome to SIM swap fraud — one of the fastest-growing cybercrimes worldwide.
In India, SIM swap complaints surged 320% in 2025 according to CERT-In. In the US, the FBI reported over $68 million in SIM swap losses in a single year. This attack bypasses SMS-based two-factor authentication entirely.
How SIM Swap Attacks Work
Method 1: Social Engineering
- The attacker gathers your personal information from social media, data breaches, or phishing
- They call your carrier impersonating you
- They claim your phone was "lost" or "damaged" and request a new SIM
- Your original SIM is deactivated
- All OTPs, calls, and texts now go to the attacker's phone
Method 2: eSIM Hijacking
| Step | Description |
|---|---|
| Phishing email/SMS | "Update your eSIM profile" with malicious link |
| QR code scan | Scanning attacker's QR transfers your eSIM |
| Remote activation | Number hijacked without physical SIM |
Method 3: Insider Fraud
Corrupt carrier store employees issue replacement SIMs without proper verification in exchange for payment.
Warning Signs
- Phone suddenly shows "No Service" or "Emergency Calls Only"
- Unexpected network drops without explanation
- Unknown transactions in your bank account
- Password reset emails you didn't request
- SIM change confirmation text from your carrier
Immediate Response Plan
- Call your carrier immediately — report unauthorized SIM change
- Contact your bank — freeze accounts, cards, UPI
- File a cybercrime report — IC3.gov (US), Action Fraud (UK), cybercrime.gov.in (India)
- Change all passwords — email, banking, social media
- Switch 2FA from SMS to authenticator apps — Google Authenticator, Authy
Prevention Strategies
| Security Measure | Why It Matters |
|---|---|
| Set a SIM PIN | Prevents SIM usage without PIN entry |
| Use authenticator apps for 2FA | SIM swap can't intercept app-based OTPs |
| Set transaction limits | Caps potential losses |
| Add a carrier PIN/passphrase | Extra verification for account changes |
| Keep phone number private on social media | Reduces attacker's reconnaissance data |
| Enable email alerts for banking | Notifications work even if SIM is compromised |
Sharing Sensitive Information Safely
Never send bank details, passwords, or PINs through iMessage or Messenger — if your SIM is compromised, attackers can see your message history on some platforms. Use LOCK.PUB to create password-protected links that expire after viewing. Even if your phone number is hijacked, the encrypted link remains inaccessible without the separate password.
The Carrier's Role
Major carriers have introduced additional protections:
- T-Mobile (US): Account Takeover Protection, SIM Protection
- AT&T: Extra Security PIN
- Verizon: Number Lock feature
- Jio/Airtel (India): Aadhaar-based biometric verification for SIM changes
Contact your carrier to enable all available security features.
Conclusion
SIM swap attacks succeed because SMS was never designed as a security mechanism. The best defense is reducing your dependence on SMS-based OTPs entirely. Switch to authenticator apps, set SIM PINs, and share sensitive information through encrypted, expiring channels like LOCK.PUB rather than text messages.
Report: FBI IC3 (US) | Action Fraud (UK) | Cybercrime.gov.in (India) | Your carrier's fraud hotline
Keywords
You might also like
AI Voice Cloning Scams: How Deepfake Calls Are Targeting Families and How to Fight Back
Learn how AI voice cloning scams work, why they've surged 450%, how to set up family code words, and strategies to protect yourself from deepfake calls.
How to Share Your SSN Safely: Protecting Your Social Security Number
Learn when and how to safely share your Social Security Number. Avoid identity theft with secure sharing methods, fraud alerts, and SSN protection best practices.
Health Insurance ID Scams: How to Protect Your Medical Identity
Scammers are targeting health insurance IDs and digital health accounts to commit medical identity theft. Learn how to recognize and prevent these scams.
Create your password-protected link now
Create password-protected links, secret memos, and encrypted chats for free.
Get Started Free