How a SIM swap works
The attacker doesn’t touch your device. Instead they impersonate you to your carrier:
- Reconnaissance. They gather your name, phone number, address, and date of birth — typically from data brokers and old breaches — plus answers to common security questions.
- The pretext. They call or visit a store claiming to be you with a “lost” or “damaged” phone, and ask the carrier to activate a new SIM. Sometimes they bribe or socially engineer a store employee directly.
- The port. The carrier moves your number to the attacker’s SIM. Your real phone loses signal — often the only warning sign.
- The payoff. With your number, they trigger password resets and intercept the SMS codes for your email, bank, and exchange accounts, draining them within minutes.
Warning sign: if your phone suddenly shows “No Service” or “SOS only” and it isn’t a network outage, treat it as a possible SIM swap in progress and contact your carrier immediately from another line.
Why attackers target your number
SIM swapping is popular because so many services still treat a phone number as proof of identity. Once an attacker owns your number, SMS two-factor stops protecting you and starts working for them — every reset code goes to their device. High-value targets are people with cryptocurrency, but anyone with a bank login, an email account, or valuable social media handles is worth swapping. Because the raw material is your leaked personal data, reducing that exposure directly reduces your risk.
Real-world examples
SIM-swap crews have stolen millions in cryptocurrency by hijacking the phone numbers of investors and executives, taken over high-value social media handles to resell them, and locked victims out of their own email and banking. In several documented cases the attackers succeeded not because of sophisticated hacking but because a carrier employee approved the change based on personal details that were freely available from data brokers. Cutting off that data supply is a first-order defense.