SIM swapping explained: What it is, how it works, and how to prevent it
Hackers are selling SIM swapping services on the dark web for as much as US$20,000 — and the price tag itself shows just how damaging this scam can be. Once your number is stolen, attackers can slip into your bank account, crypto wallet, or social media in minutes. In this article, we’ll unpack how SIM swapping works, why it’s a booming black-market business, and how you can stay one step ahead.
Innehållsförteckning
What is SIM swapping?
SIM swapping, sometimes called SIM jacking, happens when someone convinces your mobile carrier to move your phone number onto a SIM card they control. Once that switch is made, they can receive your calls and texts, including all the important verification codes, and get into your accounts before you even notice.
However, it’s important to note that SIM swapping is not always a scam. Whenever you replace a lost or stolen device, your mobile carrier will use SIM swapping to activate your number on your new SIM card. SIM swapping only becomes illegal when it’s unauthorized. If a bad actor transfers your SIM to a mobile device without your consent, it’s a crime.
One of the most infamous cases of SIM swapping involved Twitter’s then-CEO Jack Dorsey. In 2019, Dorsey had his phone number transferred to another device without his authorization. The scammer used the stolen phone number to access Dorsey’s Twitter account and began posting offensive messages.
It only took Twitter 15 minutes to regain control of Dorsey’s account, so the worst of the damage was mitigated. However, for an average person, recovering accounts taken over by SIM swap scammers can take days or even weeks! Anyone can become a victim, so it’s extremely important to learn how to avoid SIM swapping.
How does SIM swapping work?
SIM swapping works by convincing your mobile carrier to transfer your SIM to a new phone controlled by the scammer. If your phone uses a physical SIM card, a criminal can simply steal your SIM and insert it into their own mobile device.
You’ll see a few common methods — someone can physically steal your SIM card and drop it into their phone, scammers may impersonate you in a carrier shop or on calls with the carrier’s support, or insiders can be bribed to push through a transfer. To make their story believable, attackers might harvest personal data with phishing or scraping.
Here’s how a SIM swapping attack usually unfolds:
Reconnaissance. The attacker gathers personal data via social media, data breaches, public records, or phishing messages to build a believable identity.
Preparation. The criminal assembles account details and fake IDs, or simply buys a SIM swap service on underground forums.
Contact. The attacker visits a carrier store, calls carrier’s support, or contacts a compromised employee, and asks for the number to be moved to a new SIM. Retail visits are surprisingly common.
Activation. The carrier transfers the number. Texts and calls start routing to the attacker’s device, while your phone suddenly loses service.
Account takeover. Using intercepted verification codes, the attacker resets passwords, logs into email, bank, and crypto accounts, and moves money or crypto out.
Monetization and cover-up. Access is drained or sold on the dark web, and the attacker may sell the compromised accounts to others.
And before you know it, your SIM card stops working, signalling that you have become a victim of identity theft. So it’s a good idea to keep these steps in mind — they show how small pieces of public info and a single successful call or store visit can snowball into a major theft.
What are the dangers of SIM swapping?
It’s no surprise that SIM swapping can be very dangerous for the victim. At best, they can damage your reputation and relationships. At worst, you could lose money and find yourself on the hook for unauthorized loans.
The dangers of SIM swapping include:
2FA bypass. SIM swapping can help bypass two-factor authentication because a sign-in code is sent to the scammer. If you fall victim to a SIM swapping scam, any account you have enabled 2FA on, such as your bank account or social media profile, can fall under the scammer’s control.
Financial loss. Most scams exist for financial gain, and SIM swapping is no exception. One of the most common outcomes of SIM swapping attacks is financial loss. Criminals will use the access to your phone number to bypass two-factor authentication and empty your bank accounts, investment profiles, and cryptocurrency wallets in the blink of an eye.
Account access. Scammers can use mobile sign-in codes to log in to any online account with 2FA enabled. Once the cybercriminal gains access to your account, they can easily change the password and lock you out. Scammers often target bank accounts, but they can also take control of other accounts, like social media profiles, where they can impersonate you further.
Unauthorized lines of credit. Having control of your phone number, cybercriminals can also set up new financial accounts, loans, or lines of credit in your name. Even though you have no control over or even knowledge of these accounts, they’re tied to your name, so they can negatively impact your credit score, lowering your chances of getting credit cards, mortgages, or loans in the future.
Reputational damage. The costs of SIM swapping aren’t purely financial. When someone has control of your phone number, they can easily impersonate you via text messages, phone calls, or social media. A bad actor can destroy your personal relationships by sending abusive messages or damage your reputation through offensive social media posts.
Because SIM swapping scams have such serious consequences, you should do everything you can to protect yourself and your device.
How do SIM swapping scams look like in 2025
SIM swapping isn’t always a cloak-and-dagger operation — sometimes scammers simply walk into a carrier store and request a number transfer, but dark-web SIM-for-hire services are also common. In fact, it’s a very popular business — NordStellar found SIM services listed for roughly US$8,000–$20,000 on the dark web and logged about 10,000 mentions of SIM cards in the first half of 2025.
A post on a dark web forum offering a SIM swapping service. Retrieved by NordStellar
The threat is global. Underground forums are full of users boasting about swapping SIMs across carriers and borders, and sharing tips for exploiting weak verification procedures and regulatory loopholes.
Telecommunication companies have tightened security, but social engineering is still the easiest route in. Attackers manipulate frontline staff, exploit sloppy procedures, or even enlist insiders to push fraudulent transfers. This mix of leaked data, human errors, and cross-border complexity makes stopping SIM swapping an ongoing challenge.
Challenges in addressing SIM swapping attacks
Telecom providers have stepped up their defenses in recent years, introducing stricter identity checks, port freezes, and multi-layer verification to combat SIM swapping. Yet, the problem persists, and it’s not just about technology. The biggest challenge lies in the human factor. Social engineers still exploit small flaws in carriers’ procedures, and some attackers even search for rogue employees who can be bribed or tricked into approving a transfer.
Today, AI-powered online scraping makes impersonation even easier. It can assemble a target’s online footprint in seconds, and real-time posts or travel updates can be matched to carrier records to make a fake identity look entirely convincing.
Ultimately, the challenge in stopping SIM swapping isn’t just about closing technical loopholes — it’s about reducing the vast amount of personal data available online, improving staff training, and making sure that identity verification methods evolve as quickly as scam techniques.
How to know if you’ve been SIM swapped
SIM swapping scams can happen without any warning signs, so it’s important to learn how to tell if you’ve been SIM swapped. The sooner you pick up on the fraud, the more likely you’ll be to recover your accounts.
The signs of SIM swapping include:
Strange calls, emails, or text messages. Suspicious phone calls, emails, or text messages can be an early sign that scammers are attempting to phish data from you. Phishing scams can lead to a variety of negative outcomes, so read up on anti-phishing techniques to protect yourself.
Loss of phone service. If your phone abruptly loses service, it might indicate that your SIM has been swapped. If that happens, your phone may still be able to access the internet or use applications on Wi-Fi, but you won’t be able to use mobile data, send and receive texts, or make and receive phone calls. Keep an eye out for error messages like “No SIM available,” and check with other people nearby to see if they’ve lost service too. Sometimes, you may simply be in an area where your wireless provider doesn’t have coverage.
Strange account activity. If you notice that someone is making posts on your social media profiles, buying items in your name through an online retailer, or making wire transfers without your authorization, your SIM may have been swapped.
New device added. If you receive an email or letter from your mobile provider stating that a new device has been added to your account, or you find a device that you didn’t authorize, a bad actor may be attempting a SIM swap.
Notification of SIM transfer. Wireless providers may notify you when they perform a SIM transfer. If you receive an alert about a SIM transfer that you didn’t approve, contact your carrier immediately.
Loss of account access. If your login credentials no longer work and you’re locked out of your online banking, credit card, social media, or other accounts, it could be a sign of a SIM swap.
What to do if you've been SIM swapped
If you’ve been SIM swapped, it’s important to act quickly. Follow these steps to secure your accounts:
Contact your mobile provider and explain what happened. They can help you get your SIM transferred back to your phone, as well as launch an investigation into the incident.
Inform your bank, credit card company, and other financial organizations of the fraud. They’ll advise you on how to review suspicious transactions and secure your accounts.
Report the crime to your local police.
Monitor all your accounts for suspicious activity, including online banking, social media, and other online accounts.
Consider freezing your credit with major credit firms so that no one can open new accounts or take out loans in your name.
How to protect yourself from SIM swapping
Most SIM swapping scams happen without any prior warning, so learning how to prevent them can be the best way to protect yourself. Follow these best practices for SIM swap prevention:
Set up a PIN with your carrier. Ask your mobile carrier to set up a PIN code to authorize all account changes.
Choose strong, unique passwords. If a scammer can’t get your password, they can’t bypass 2FA with a SIM swap. Create unique passwords that combine upper- and lowercase letters, numbers, and symbols and change them frequently.
Learn anti-phishing techniques. To prevent criminals from getting enough information to impersonate you, practice anti-phishing techniques, like verifying a caller’s identity and avoiding opening suspicious links and attachments.
Don’t give out your phone number. Only share your phone number when it’s necessary. The easier it is to find your phone number, the more likely a SIM swap is.
Use different numbers for important accounts. If you’re worried about SIM swapping, having multiple phone numbers can help protect you. Instead of your personal phone number, consider attaching a separate phone number to your online banking account.
Notify your carrier of suspicious activity. If you notice a strange device on your account or receive a notification of an unauthorized SIM transfer, contact your mobile provider immediately.
Avoid sharing personal information on social media. You would be surprised what people can learn from your social media profiles! Don’t divulge your phone number or personal info, like your address, that can be used to guess passwords or answers to security questions.
Use an eSIM. An eSIM is a virtual alternative to physical SIM cards that can’t be lost or stolen, so it offers an extra layer of protection against SIM swapping.
Consider using an identity theft protection service. While you can’t monitor everything on your own, services like NordProtect can alert you to suspicious credit activity or data leaks involving your personal information, helping you take action before any real damage is done.
How eSIMs can reduce the risk of SIM swapping
One of the benefits of an eSIM is that it reduces your reliance on unsecured Wi-Fi networks, where cybercriminals may try to steal your data for SIM swapping or other types of fraud.
The Saily eSIM app can help keep your phone number safe when you’re traveling. Saily offers cost-effective plans for over 200 international destinations so that you can get the high-speed data you need, no matter where you are.
And even better than that, Saily’s security features guard you against internet threats and help you protect data on your mobile device. Our enhanced security measures block malicious sites, online trackers, and ads for a safer, faster, and more enjoyable browsing experience.
Download an eSIM app to stay safe on your next trip!
Get internet access in minutes with a virtual SIM card
Affordable mobile data plans for every journey.
FAQ
Giedrė is an outdoor enthusiast who feels more at home in a tent than in a luxury hotel. She’s the type who packs her bags with a headlamp and enough snacks to survive a zombie apocalypse, but that doesn’t mean she doesn’t like snapping pictures to post on her Instagram stories. For that, she’s always prepared with an eSIM card on her phone — it helps her navigate the forest, too!