SIM-swapping attacks; also known as SIM splitting or SIM jacking, happens when a hacker gathers enough of your personal information to impersonate you with your mobile carrier. Using details like your name, phone number, address, date of birth, or even your Social Security number, they convince a support representative to transfer your phone number to a SIM card they control.
Once the number is moved, the attacker can access your accounts, view private data, and intercept authentication codes sent via text message. With control of SMS-based verification, they can break into additional services and potentially commit identity theft. As these attacks have increased in recent years, the FBI, FCC, and other agencies have issued widespread warnings, prompting US carriers to strengthen number-transfer protections. Verizon, AT&T, and T-Mobile now offer account-locking tools to help prevent unauthorized SIM changes.
Below are key steps to protect your number and reduce your risk of SIM-swapping attacks.
1. Set Up a PIN or Password
Most carriers let you add a dedicated PIN or account password used specifically for making changes to your line. Anyone who calls in or attempts to modify your account must provide this PIN. Set it through your carrier’s security settings and save it somewhere safe.
2. Avoid SMS-Based Authentication
Two-factor authentication is essential, but SMS codes are the weakest method because they can be intercepted during a SIM swap. Instead, use an authenticator app or a physical security key whenever possible. These methods prevent attackers from entering your accounts even if they obtain your number.
3. Choose a Strong, Unique Password
A strong, unique password reduces the risk of attackers accessing your carrier account through credential leaks. Use a password manager to generate and store secure passwords, and avoid reusing them across multiple logins.
4. Be Careful What You Post
Avoid sharing personal information—such as your phone number, address, or email—publicly online. Scammers often gather clues from social media to impersonate victims during a SIM-swap attempt.
5. Watch What You Message
Email and some texts are not fully secure. Avoid sending sensitive details like Social Security numbers, account numbers, or passwords through these channels.
6. Ignore Unexpected Requests
Phishing attempts may impersonate services you use and ask for login information or personal data. Never respond directly. Instead, contact the company through its official website or support line to verify the request.
7. Activate Your Carrier’s SIM Protection
Each major carrier offers tools to prevent unauthorized number transfers:
Verizon:
Enable SIM Protection and Number Lock through your account’s Profile & Settings. These features block unauthorized SIM, device, or number changes.
AT&T:
Use Wireless Account Lock via the myAT&T app. Once enabled, no number transfers or account modifications can be made without unlocking it first.
T-Mobile:
Activate SIM Protection through your profile settings on the T-Mobile website or T-Life app. This prevents port-outs and number-transfer attempts.
Strengthening your carrier security, avoiding risky authentication methods, and limiting your personal data exposure significantly reduce the chances of falling victim to SIM-swapping attacks.
