Back to blog
Digital Security
7 min

SIM Swap Fraud in Thailand: How Attackers Drain Your Bank Through AIS, TRUE, and DTAC

Understand how SIM swap fraud works in Thailand targeting AIS, TRUE, and DTAC customers. Learn the full attack chain from SIM swap to banking drain, plus carrier-specific protection steps.

LOCK.PUB
2026-03-17

SIM Swap Fraud in Thailand: How Attackers Drain Your Bank Through AIS, TRUE, and DTAC

SIM swap fraud is one of the most devastating cyberattacks targeting Thai consumers. Unlike phishing, which requires you to click a link or share information, a SIM swap can happen without any action on your part. The attacker convinces your mobile carrier to transfer your phone number to a new SIM card — and suddenly, they receive every call, SMS, and OTP code meant for you.

In Thailand, where mobile banking and e-wallets depend heavily on SMS-based OTP verification, a successful SIM swap can empty bank accounts in minutes.

The SIM Swap Attack Chain

Understanding the full attack chain helps you spot and stop it at any stage.

Stage 1: Information Gathering

The attacker collects your personal information through:

  • Social media profiles (name, birthday, phone number)
  • Data breaches (leaked databases sold on dark web)
  • Phishing attacks (fake forms that collect your ID number)
  • Physical observation (looking over your shoulder at a carrier store)

Stage 2: The SIM Swap

Armed with your personal details, the attacker approaches a carrier store or calls customer service. They claim to be you and request a SIM replacement, citing a "lost" or "damaged" phone. In some cases, corrupt carrier employees facilitate the swap for a bribe.

Stage 3: OTP Interception

Once the new SIM is activated, your phone loses all signal. The attacker now receives:

  • All SMS messages, including banking OTPs
  • Phone calls, including bank verification callbacks
  • Password reset codes for email, social media, and apps

Stage 4: Account Takeover and Drain

The attacker moves quickly:

  1. Resets your mobile banking password using SMS OTP
  2. Logs into SCB EASY, K PLUS, Bualuang, or other banking apps
  3. Transfers money to mule accounts via PromptPay
  4. Drains your TrueMoney Wallet, Rabbit LINE Pay, or other e-wallets
  5. Changes passwords on your email and social media to lock you out

Total time from SIM swap to empty accounts: often under 15 minutes.

Attack Chain Timeline

Stage What Happens Time Your Warning Sign
1. Info Gathering Attacker collects your data Days-weeks None (silent)
2. SIM Swap (สวอปซิม) Your number moves to new SIM 5-30 minutes Phone loses signal suddenly
3. OTP Capture Attacker receives your OTPs Immediate You stop receiving SMS
4. Bank Drain Money transferred out 5-15 minutes Bank notifications (if email)
5. Lockout Passwords changed on all accounts 10-30 minutes Cannot log in anywhere

Carrier-Specific Protection Steps

AIS (1175)

  1. Set a SIM lock PIN — Visit any AIS shop to set a PIN required for SIM changes
  2. Enable AIS Secure — Additional identity verification for account changes
  3. Register biometric verification — Visit an AIS flagship store to add fingerprint verification
  4. Limit self-service changes — Request that SIM swaps require in-person ID verification only
  5. Monitor your AIS account — Check myAIS app regularly for unusual activity

TRUE (1242)

  1. Set a SIM change PIN — Request a specific PIN for SIM replacement at any TRUE store
  2. Enable TrueID verification — Link your TrueID account for additional security
  3. Request in-person only SIM swaps — Ask TRUE to flag your account so swaps require physical presence
  4. Register your SIM with current ID — Ensure your registration details are up to date
  5. Enable TRUE account notifications — Get alerts for any account changes

DTAC (1678)

  1. Set a security PIN — Visit a DTAC center to establish a PIN for SIM changes
  2. Request enhanced verification — Ask for additional ID requirements for any SIM operations
  3. Keep your account details updated — Outdated information makes social engineering easier
  4. Monitor through dtac app — Check for unauthorized changes regularly
  5. Enable alerts — Turn on notifications for account modifications

What to Do If You Suspect a SIM Swap

The moment your phone unexpectedly loses signal (not from being in a basement or dead zone), act immediately:

  1. Use another phone to call your carrier — AIS: 1175, TRUE: 1242, DTAC: 1678
  2. Ask if a SIM swap was requested — If yes, demand immediate reversal
  3. Call your banks — Freeze all accounts linked to your phone number
  4. Change all passwords — Email, banking, social media (from a different device)
  5. Alert TrueMoney, Rabbit LINE Pay and any other e-wallets
  6. File a police report — thaipoliceonline.com or local station
  7. Call 1441 — Anti-Online Scam Operation Center

Protect Your Recovery Information

Your phone number is a single point of failure for most account security. When you need to store backup recovery codes, alternative contact numbers, or emergency access information, do not keep them in LINE chats or phone notes that disappear with your SIM. Use LOCK.PUB to create encrypted, password-protected memos that you can access from any device. Store your 2FA backup codes, recovery emails, and emergency contacts in a secure memo that only you can unlock.

Advanced Protection Against SIM Swap

Reduce SMS Dependency

  • Use app-based 2FA (Google Authenticator, Microsoft Authenticator) instead of SMS OTP where possible
  • Enable push notifications from banking apps as an alternative verification method
  • Set up email-based alerts as a backup notification channel

Limit Your Exposure

  • Do not post your phone number on social media or public forums
  • Use a separate phone number for banking and financial services
  • Be cautious with caller ID — Scammers can spoof any number
  • Shred documents containing your phone number and carrier details

Monitor Continuously

  • Check your carrier account weekly for unauthorized changes
  • Test your phone signal if you know you are in good coverage and it drops
  • Set up bank transaction alerts via email (not just SMS)
  • Review your credit report at the National Credit Bureau periodically

The Bottom Line

SIM swap fraud is particularly dangerous because it exploits a weakness in the telecom system, not in your behavior. The best defense is proactive: set SIM change PINs with your carrier, reduce dependence on SMS-based OTP, and act within minutes if your phone loses signal unexpectedly.

For storing critical recovery information securely, visit LOCK.PUB to create free encrypted memos that only you can access with a password.

Keywords

SIM swap Thailand
SIM swap fraud AIS
SIM swap TRUE DTAC
สวอปซิม
OTP interception Thailand
mobile banking fraud Thailand
SIM hijacking
Thailand telecom fraud

You might also like

ThaiD Digital ID App Security: Phishing Risks and Safe Usage Guide

How scammers impersonate Thailand's ThaiD digital ID app through phishing, fake government notifications, and data exposure. Learn to use ThaiD safely.

Digital Security

GoPay, OVO, DANA Account Security: How to Protect Your Indonesian E-Wallet

Learn how to secure your GoPay, OVO, and DANA e-wallet accounts from fraud, phishing, and social engineering attacks common in Indonesia.

Digital Security

PIX Security for Businesses: How to Protect Your Merchant Account from Fraud

Learn how to protect your business from PIX fraud including fake payment screenshots, QR code swaps, and social engineering attacks targeting Brazilian merchants.

Digital Security

Create your password-protected link now

Create password-protected links, secret memos, and encrypted chats for free.

Get Started Free
SIM Swap Fraud in Thailand: How Attackers Drain Your Bank Through AIS, TRUE, and DTAC | LOCK.PUB Blog