SIM swap fraud and phone‑number hijacking explained

June 23, 2026 Blog

Your phone number used to be just a way to make and receive calls. Today, it acts as a digital ID tied to your bank account, email, social media and work logins. That shift is why SIM swap fraud has moved from a niche scam to a fast‑growing risk.

SIM swap fraud happens when criminals trick a mobile carrier into transferring a victim’s phone number to a SIM or eSIM they control. Once that happens, text‑based login codes and password resets go straight to the attacker, enabling rapid account takeovers without hacking a device. Law enforcement reports show the tactic is increasingly used as the first step in larger fraud schemes, especially those involving financial and cryptocurrency accounts.

The trend is accelerating because stolen personal data is widely available, customer support processes still rely on human judgment, and many organizations continue to depend on text messages for account security.

According to the FBI’s most recent Internet Crime Report, cyber‑enabled fraud reached record losses in 2025, with identity‑based attacks — including phone‑number takeovers — playing a central role in larger financial scams. As criminals look for high‑impact fraud methods, SIM swap fraud has become a reliable entry point.

How SIM swapping works

Most people secure important accounts with a password plus a second step, often a text message code. In a SIM swap attack, the criminal doesn’t need to defeat your phone. Instead, they target the carrier process so your number is redirected to their device. From there, password‑reset links and texted authentication codes can land in the attacker’s inbox.

Warning signs of a SIM swap attack

SIM swapping often starts with something that feels like a phone issue instead of a security issue. If you notice any of the signs below, act quickly.

  • Sudden loss of service: Your phone shows “No service” or “Emergency calls only” in places you usually have a signal.
  • Unexpected carrier notifications: You get a text or email saying your SIM, eSIM or account settings were changed when you didn’t request it.
  • Account lockouts: You can’t log in to email, banking or other apps because passwords were changed.
  • Unusual activity: Unauthorized transactions appear, or your social media accounts show posts or messages that didn't come from you. 

How to prevent SIM swap fraud

No single step eliminates risk, but a few changes can make phone‑number hijacking much harder. Start with your mobile carrier: Ask about a port‑out PIN, account PIN or extra verification on your wireless account, and confirm your account recovery email is current. Then reduce your reliance on SMS, when possible, by using an authenticator app or a hardware security key for critical logins.

Also tighten the accounts that would be most damaging to lose, especially your primary email, financial accounts and social media. Use strong, unique passwords (a password manager helps), review account recovery options and watch for “change of phone number” notifications. The goal is to make sure that even if someone intercepts a text code, they still can’t easily reset your passwords.

What to do if you suspect a SIM swap

If you suspect a SIM swap, contact your mobile carrier immediately and say you believe your number was transferred without your permission. Ask them to restore service to your device, secure the account and add stronger verification, such as an account PIN and port‑out protection. At the same time, change passwords for your primary email and financial accounts from a trusted device, review recent login activity and revoke suspicious sessions where possible.

If your phone suddenly loses service or you receive unexpected carrier alerts, treat it as urgent. A carrier account PIN, port‑out protection and moving critical logins to authenticator apps can significantly reduce your risk of a phone‑number takeover.

How to stay ahead of SIM swap fraud

Review your carrier security settings, especially any account PIN or port‑out protection, and share these tips with your accountholders, family and friends so they know what to watch for and how to act quickly if their phone suddenly loses service.

We’ll continue to share updates as more information becomes available on this emerging fraud trend.

Resource: FBI.gov


SHAZAM, Inc., and ITS, Inc., provide this blog for general informational purposes only. The blog may be shared via direct link, provided the content remains unchanged and is presented as originally published. SHAZAM, Inc., and ITS, Inc., assume no responsibility for errors or omissions. By using this blog, readers acknowledge that the information provided does not constitute legal advice and is not a substitute for advice from a qualified, licensed attorney.

Blog
Quantum computing: Are financial institutions ready?

Quantum computing is reshaping cybersecurity — learn to manage risk and prepare for post-quantum encryption.

Posted on Thursday, March 12, 2026