Skip to main content

Reading is great. Tracking makes it stick. Sign up for a free Dashboard to tick off tasks and see your Security Score.

Get my free Dashboard →
CE: User Access Control

SIM swapping: what it is and how to protect yourself

SIM swapping (also called SIM hijacking) is an attack where a criminal convinces your mobile network to transfer your phone number to a SIM card they control. Once they have your number, they can intercept SMS verification codes and take over your accounts. This guide explains how it works and how to protect yourself.

SIM card and ejector tool laid flat on a white surface

What is SIM swapping?

Mobile networks allow customers to transfer their number to a new SIM card, a legitimate feature for when you get a new phone. Attackers exploit this by impersonating you to your network, claiming to have lost their SIM and requesting a transfer. Once successful, your number routes to their SIM and you lose service.

  • With your phone number, attackers can intercept SMS two-factor authentication codes
  • They can trigger "forgot password" flows that send verification codes to "your" number
  • A successful SIM swap can give access to your bank accounts, email, and social media within minutes
  • UK networks must verify identity before carrying out a SIM swap, but social engineering can defeat these checks

Warning signs that a SIM swap is happening

The most immediate sign is that your phone loses service: calls and texts stop working:

  • Your phone suddenly shows "No service" or "Emergency calls only" outside of poor coverage areas
  • You receive unexpected texts asking you to confirm a SIM change you did not request
  • You receive unexpected 2FA codes for accounts you are not trying to access
  • Your mobile network app sends an alert about account changes
  • Act immediately: call your network from a different phone and ask them to freeze your account

How to protect yourself

These steps significantly reduce your SIM swap risk:

  • Use an authenticator app for 2FA instead of SMS: authenticator codes cannot be intercepted via SIM swap
  • Set a network PIN or "port freeze" with your mobile provider (most UK networks offer this); it adds an extra check before number transfers
  • Limit the personal information publicly available about you (full name, date of birth, address): this is the data attackers use to social-engineer your network
  • Use a unique, strong email address and password for your mobile network account
  • Enable 2FA on your mobile network account if they offer it
  • Be cautious of unexpected texts asking you to call a number or confirm details

What to do if you are a victim of SIM swapping

Time is critical: act on all of these as quickly as possible:

  • Call your mobile network from a different phone immediately and report the SIM swap
  • Contact your bank if you have linked any accounts to that phone number
  • Change your email password and enable 2FA using an authenticator app
  • Report to Action Fraud: actionfraud.police.uk or 0300 123 2040
  • Review your accounts for any changes or transactions you did not authorise

Track your Android security progress. Free.

Create a free account to tick off tasks, see your Security Score improve, and know exactly what you've done and what's still to do.

Start your free security check
← Back to Android Security Hub