Supported | Security | Last updated: June 1, 2026

SIM-swapping fraud

SIM swappers impersonate victims to their mobile carriers, using social engineering or insider assistance to redirect phone numbers, then use SMS-based two-factor authentication codes to access bank, cryptocurrency, and other accounts. The FBI IC3 documented $68 million in losses from 1,075 SIM swap complaints in 2023.

What we know

SIM swapping exploits the telecommunications industry practice of allowing customers to transfer their phone number to a new SIM card, which is a legitimate service for people who buy new phones. Attackers abuse this by impersonating the victim to the mobile carrier, often using personally identifiable information found through social media, data breaches, or phishing. In some cases, they bribe carrier employees directly.

Once the phone number is transferred to the attacker's SIM card, the victim's phone loses service and the attacker receives all calls and SMS messages intended for the victim. They then trigger 'Forgot Password' flows on bank accounts, cryptocurrency exchanges, and email services that use SMS-based two-factor authentication. They receive the verification codes on their device, reset the passwords, and take full control of the accounts. Cryptocurrency holdings are particularly targeted because blockchain transactions are irreversible.

The FBI recommends several protective measures: avoid advertising cryptocurrency holdings publicly, use authentication apps (like Google Authenticator or Authy) instead of SMS for two-factor authentication, set a carrier PIN on your mobile account that is required before any changes, and use hardware security keys for the most sensitive accounts. Be suspicious if your phone suddenly loses all signal in an area with normal coverage; this may indicate your number has been swapped.
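
The reset chain described above can be checked against your own account settings. The following Python sketch is an added example, not part of the original page; the account names, their settings, and the simplified rule that a takeover needs one controlled recovery channel plus the second factor are assumptions.

```python
# Added example: which accounts fall if the phone number is redirected?
# Simplified model (assumption): a takeover needs one controlled recovery
# channel plus the account's second factor, if it has one.

def exposed_accounts(accounts):
    """Return the names of accounts reachable by someone who holds only
    the victim's phone number, following reset chains between accounts."""
    controlled = {"sms"}   # after a swap, SMS and calls go to the attacker
    fallen = set()
    changed = True
    while changed:         # repeat until no further account falls
        changed = False
        for name, cfg in accounts.items():
            if name in fallen:
                continue
            can_reset = any(ch in controlled for ch in cfg["reset_via"])
            factor = cfg["second_factor"]
            passes_2fa = factor is None or factor in controlled
            if can_reset and passes_2fa:
                fallen.add(name)
                controlled.add(name)  # a taken-over mailbox is a new channel
                changed = True
    return fallen

# Constructed sample data: hypothetical accounts and settings.
SMS_ONLY = {
    "email":    {"reset_via": ["sms"],   "second_factor": "sms"},
    "bank":     {"reset_via": ["email"], "second_factor": "sms"},
    "exchange": {"reset_via": ["email"], "second_factor": "totp"},
    "storage":  {"reset_via": ["email"], "second_factor": None},
}

# Same accounts after moving the mailbox to an authenticator app.
HARDENED = dict(SMS_ONLY, email={"reset_via": ["sms"], "second_factor": "totp"})

if __name__ == "__main__":
    print("SMS-based:", sorted(exposed_accounts(SMS_ONLY)))
    print("Hardened: ", sorted(exposed_accounts(HARDENED)))
```

In the sample data, moving only the mailbox to an authenticator app removes every downstream account from the exposed set, because each of them resets through that mailbox.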

Common claims

  • SMS two-factor authentication is fully secure: False - SMS codes can be intercepted via SIM swap; app-based or hardware MFA is stronger
  • SIM swapping requires hacking the carrier's servers: False - usually done through social engineering of customer service staff
  • Setting a carrier PIN prevents SIM swap attacks: Mostly true - a strong PIN significantly raises the bar for attackers