SIM Swap

What Is a SIM Swap?

A SIM swap is a fraud attack in which a criminal gets a victim's phone number moved to a different SIM card or device. Once that happens, calls, text messages, and some verification codes meant for the real account holder may start going to the attacker instead. The fraud usually begins when the attacker persuades the mobile carrier to make the change or otherwise gains control over the phone-number account.

In personal finance, SIM swaps are dangerous because many accounts still use phone numbers for recovery or for one-time verification codes. If the attacker controls the number, that can undermine the protections tied to it and make account takeover easier across banking, payments, email, and brokerage services.

Key Takeaways

• A SIM swap moves a victim's phone number to a device the attacker controls.
• It can let the attacker receive calls, texts, and some verification codes.
• SIM swaps can weaken text-based MFA.
• The attack often becomes a bridge to broader account takeover or identity theft.
• Carrier account protections and stronger authentication methods can reduce the risk.

How a SIM Swap Works

A fraudster usually starts by gathering personal details about the victim and then contacting the mobile carrier while pretending to be that person. The story may involve a lost phone, a damaged device, or a request to activate service on a replacement handset. If the carrier accepts the request, the victim's number is reassigned.

After that, the attacker may try to reset passwords, intercept text-based verification codes, and gain access to financial or email accounts. The number itself becomes a tool for further fraud rather than just the initial target.

SIM Swap Versus Text-Based MFA

A text-message code can still add security compared with password-only login, but it has a dependency that matters: the phone number. A SIM swap attacks that dependency. Text-based verification and app-based verification through an authenticator app are therefore not identical from a risk standpoint.

Why SIM Swaps Matter Financially

Many financial accounts assume that the person who receives the text message is the rightful user. If that assumption breaks, password resets and code checks can start helping the wrong person. That can lead to bank-transfer fraud, payment-app fraud, brokerage access, or email takeover that later affects other accounts.

The financial damage can spread quickly because one stolen phone number may help unlock several accounts in sequence.

Signs of a SIM Swap

Common warning signs include a phone that suddenly loses service without explanation, calls or texts no longer arriving, unexpected carrier notices about account changes, or account alerts showing resets or verification attempts the consumer did not initiate. A sudden loss of mobile service combined with suspicious account activity is especially important.

Consumers who act quickly may still be able to stop some of the downstream fraud.

Example of a SIM Swap

Assume a consumer's mobile number is used to receive bank verification texts. A fraudster convinces the carrier to move that number to a new SIM card. The consumer's phone stops receiving service. The attacker then uses a stolen password to start logging in to the bank account and receives the texted verification code on the fraud-controlled device. The code still works as designed, but it is now going to the wrong person.

The example shows why a SIM swap is dangerous not because it steals money directly, but because it can break the trust built into phone-based recovery and verification.

The Bottom Line

A SIM swap is a fraud attack that moves a victim's phone number to a device controlled by the attacker. Control of the phone number can weaken text-based security steps and make wider financial account takeover easier.