
SIM swap

SIM swap is a fraud technique where an attacker convinces a carrier to transfer your phone number to a SIM/eSIM they control. Once the swap completes, they get your SMS 2FA codes and can break into your accounts.

A SIM swap (also called a port-out scam or SIM hijacking) is when a fraudster convinces your cellular carrier to move your phone number to a SIM card or eSIM under their control. Once the swap goes through, all calls and texts route to the attacker's device. Most importantly, any SMS-based two-factor authentication codes — for your email, bank, brokerage, crypto wallet — also go to them. From there they can reset passwords and break into accounts that rely on SMS 2FA.

How attackers do it

The attacker calls your carrier (or visits one of its stores) and pretends to be you. They use information leaked or scraped from past breaches — your full name, billing address, last four of SSN, recent bills — to pass the carrier's verification. They convince the rep that they've "lost their phone" or "got a new device" and need to activate a new SIM. The carrier rep transfers your line to the attacker's SIM. Within seconds, your phone shows "No Service" and the attacker has full control of your number.

How to defend against it

  • Set a port-out PIN with your carrier. Verizon, T-Mobile, AT&T, and most MVNOs let you set a separate PIN that's required for any SIM swap or number transfer. It's typically buried in the account settings — find it and set a strong one. Without this PIN, no rep should be able to move your line.
  • Move 2FA off SMS where possible. Use authenticator apps (Authy, Google Authenticator, 1Password) or hardware keys (YubiKey) for high-value accounts: email, bank, brokerage, crypto. SMS 2FA is better than nothing for low-value accounts but is the weak link in your security.
  • Lock your wireless account. T-Mobile has "Account Takeover Protection" that blocks port-outs entirely until you unlock. Verizon has "Number Lock." Set them.
  • Don't use your real cell number for new accounts. Some accounts let you use a Google Voice or other VoIP number, which can't be SIM-swapped.

If you suddenly see "No Service" or "SOS only" on your phone for no apparent reason, treat it as suspicious. Use a friend's phone to call your carrier immediately and ask if a port-out or SIM change was just initiated.
