According to the FBI Internet Crime Report, SIM swapping attacks in the U.S. caused over $25 million in cash losses in 2024. The UK alone saw a 1,055% surge in SIM swaps in 2024. This data underscores why SIM swapping is a global threat today. Considering its frequency and the potential risk for your personal and financial security, learning how to prevent SIM swapping is crucial.
In this guide, you’ll learn about:
- What SIM swapping is and how it works
- How it can affect you
- How to prevent SIM swapping
What Is SIM Swapping?
SIM swapping, also known as SIM jacking or SIM hijacking, is a fraudulent practice that involves a scammer taking over your account by:
- Assuming your identity
- Convincing your mobile carrier to port your number to a SIM card the scammer can control
By taking over your phone number, the scammer could gain access to your calls, text messages, emails, and social media accounts. Worse, they could:
- Take over your mobile banking accounts
- Pass any SMS-based two-factor authentication (2FA)
- Sell access to your phone number and associated accounts on the black market
Unlike other forms of attacks, such as phishing or malware, SIM swapping relies entirely on social engineering. It can’t be carried out without human involvement. Scammers have to harvest your personal information and impersonate you to complete the attack. In doing so, SIM swapping simultaneously takes advantage of technological gaps and individuals working in the telco system to take over your phone number.
One of the biggest dangers of SIM swapping is that you might not realize it’s happening until it’s too late. Your phone suddenly loses service, or you notice unusual activity in your accounts. By the time you catch on, the damage is already done, and it may be difficult to recover control over your phone number and accounts quickly.
How Does SIM Swapping Work?
SIM swapping occurs in three key stages:
- Harvesting your data
- Contacting the carrier
- Taking over and exploiting your account
1. Harvesting Your Data
Data harvesting is the first step a scammer needs to take to carry out a SIM swapping attack. During this stage, the scammer tries to learn as much information about you as possible to be able to impersonate you later. The scammer harvests data via one or more of the following methods:
- Browsing your social media profiles
- Checking out forums that you’re a member of
- Launching a phishing scam (e.g., asking you to fill out a form to harvest your data)
- Buying the information on the black market
2. Contacting the Carrier
Leveraging the personal information they’ve collected, the scammer will reach out to your mobile carrier and pretend to be you and ask to port your number to a new card. In most cases, the scammer will create a sense of urgency to get the customer service agent to act quickly—for example, they could use sentences such as:
- I’ve left my phone on the subway, and I need my number ASAP or my mobile banking app will lock me out.
- Please help me quickly, I’m traveling and can’t access anything without my phone.
- My phone’s been stolen, and I think someone’s trying to hack me. Can you move my number to a new SIM, please?
The agent will ask the scammer a few questions to verify the identity. After successful “verification,” your number will be ported to a new card without your knowledge.
3. Taking Over and Exploiting Your Account
Your phone will lose service, and the scammer will gain full access to your apps and accounts. Depending on their goal, the scammer can:
- Empty your bank accounts or cryptocurrency wallets
- Reset email and social media passwords
- Impersonate you to scam your family, friends, or coworkers
- Open new accounts in your name
- Access confidential work information
This is the most common method of perpetrating a SIM swap, but it’s not the only one. An employee of a mobile carrier can work with the scammer to provide information. There have been cases of attempts to bribe T-Mobile and Verizon employees to help carry out SIM swaps. Employees were offered $300 for each customer number they helped hijack.
This reveals the harsh reality: your security depends not just on technology but on the integrity of people handling your data. Using reputable carrier services doesn’t mean much if insider trust is compromised.
Tip 🔐
If you’re worried about SIM swap attacks, consider switching to Cape. We’re a privacy-first mobile carrier and follow a minimum trust framework.
Instead of passwords, your account is secured by a 24-word recovery phrase created at signup. Encrypted with a private key stored only on your device, it ensures only you can move your number to a new phone, preventing the insider threats and social engineering attacks that fuel most SIM swaps.
What Are the Signs of a SIM Swap Attack?
Typically, the more obvious signs of SIM swapping appear only after the attack, but recognizing them as early as possible is essential for preventing further damage. Here are the most common signs to focus on:
How To Protect Yourself From SIM Swapping: 7 Helpful Tips
Here are some of the best SIM swap protection methods that help you minimize the risk of these attacks and keep your accounts and device safe:
1. Take Advantage of Advanced Security Protocols
Wherever possible, use passcodes or additional verification methods to add an extra layer of security to your apps and accounts. For instance, you can set up 2FA that doesn’t rely on SMS one-time passwords but on fingerprints, tokens, or facial recognition.
These extra measures make it harder for scammers to access your accounts and complete SIM swapping.
2. Be Wary of Suspicious Emails and Messages
Scammers often use phishing to obtain your personal information, which they later use to impersonate you.
Here are a few signs that could indicate an email or message you received is a phishing attempt:
- Sense of urgency: A false sense of urgency is supposed to create anxiety and get you to act fast and click on the provided link, leave your personal info, or download a file.
- Suspicious links: Links with spelling errors or random letters and numbers indicate the email or message you received is a phishing attempt.
- Claims that there are problems with your account: Such claims are a classic phishing tactic designed to trick you into acting quickly, often overlooking warning signs like strange URLs or links.
- Claims you’re eligible for an award: These claims exploit curiosity and happiness to get you to leave your info.
- Strange sender email address: The sender’s email address often contains random numbers and letters or mistakes, and is a telltale sign of a phishing attempt.
If you suspect an email or message is a phishing attempt, don’t respond, even if it seems like it’s from a reputable source like your bank or the IRS. It’s best to directly reach out to these institutions via official channels to verify any suspicions.
3. Avoid Oversharing Your Personal Information Online
To conduct the SIM swap, scammers need to learn more info about you, and one way they do this is by checking out your social media profiles. You could become a target if your social media accounts are filled with information such as:
- The amount of crypto you have
- Your retirement savings
- Your income
- Your contact information
- Names of family members and pets
- Photos of boarding passes or personal documents
4. Monitor Your Accounts
Signs such as sudden spikes in phishing attempts or unusual activity in your bank account could indicate that a scammer is preparing to carry out a SIM swap—or another cyberattack that could lead to data loss or have severe financial consequences.
Always be on alert and keep an eye on all your accounts, from emails to social media and mobile banking. If you spot anything unusual, act immediately before the damage escalates.
5. Set Up Additional Protective Measures With Your Carrier
Some carriers allow you to set up more advanced protective measures against SIM swapping.
For example, T-Mobile’s SIM protection option adds an extra layer of security to your account—as long as the feature is enabled, no changes to your SIM are allowed. If a malicious actor reaches out to T-Mobile to attempt a SIM swap, they won’t be able to complete the process since SIM protection is on. They will be asked to disable the feature through the mobile app or website, and they won’t be able to do so without your credentials.
6. Avoid Linking All Your Accounts to Your Phone Number
If possible, don’t link all your accounts to just one phone number. This ensures that even if a malicious actor gains access to your phone number, they won’t be able to leverage it to get a hold of your accounts through SMS-based authentication.
For extra protection, use authentication apps like Google Authenticator that generate code locally on your device, offering more security than SMS-based 2FA.
7. Choose a Security-Oriented Mobile Carrier Like Cape
To minimize the risks of SIM swapping and other attacks and protect your mobile identity, opt for a security-first carrier like Cape.
Cape addresses this threat directly through a built-in SIM swap protection feature. Cape’s account authentication is designed to keep the subscriber in control. During signup, Cape replaces usernames and passwords with a 24-word passphrase that generates a private key tied to your device. This passphrase is the only way to initiate critical account changes like moving your number to a different device.
While major carriers have made progress in updating their security protocols, critical flaws remain. Just recently, T-Mobile had to pay $33 million in a lawsuit over a SIM swap attack that led to cryptocurrency theft.
Another disadvantage of using traditional carriers is that they collect and store large amounts of sensitive data, often sharing it with third parties. Combined with the legacy architecture they typically rely on, this exposes users to data breaches, which can result in SIM swaps.
In contrast, a security- and privacy-first carrier like Cape uses advanced measures to protect your data, number, and accounts from unauthorized use.
Cape: Robust Security, Minimal Risk of SIM Swaps
Cape is a mobile carrier built on privacy and security as core principles. It offers a reinvented approach to mobile security. Unlike traditional carriers, Cape requires minimal data from you to provide its service. We don’t want you to blindly trust us with your information. In fact, we encourage you not to. This ensures nobody can misuse your data, not even us.
To offer you more security, Cape runs its own mobile network that replaces Big Telcos’ weak legacy architecture. The result is a secure channel that manages all domestic or international communication and is far more resistant to network attacks.
In addition to running its own mobile core and providing SIM swapping protection, we offer the following features:
Cape is committed to refining the user experience, and you can expect more advanced features in the future.
Set Up Your Cape Account
The only requirement for setting up a Cape account is having an eSIM-compatible device. You can make the switch by visiting cape.co/get-cape.
For $99/month, you’ll get all Cape’s security and privacy features, as well as unlimited nationwide 4G and 5G data and unlimited texts and calls. All taxes and fees are already included in the price—no hidden costs or annoying contracts.
To strengthen your online security, we partnered up with Proton, a leading provider of privacy-first technology. All Cape subscribers can get Proton Unlimited or Proton VPN Plus for just $1 for six months.
