SIM Swapping: How Hackers Steal Phone Numbers to Hijack Accounts

Imagine waking up one day to find that you have been logged out of all your online accounts, your bank account has been emptied, and hackers are posting from your social media. The worst part? You never shared your password with anyone.

This is the terrifying reality of SIM swapping, a cybercrime technique that allows hackers to hijack your phone number and use it to gain access to your online accounts. Even two-factor authentication (2FA) can’t save you if hackers control your phone number.

In this article, we’ll explore:
✔️ How SIM swapping works
✔️ Real-world examples of SIM swap attacks
✔️ How hackers use stolen phone numbers
✔️ How to protect yourself from SIM swapping

What is SIM Swapping?

SIM swapping (also called SIM hijacking or SIM jacking) is when a hacker transfers your phone number to a new SIM card under their control. This allows them to:

🔹 Receive all your calls and SMS messages
🔹 Bypass two-factor authentication (2FA) codes
🔹 Reset passwords for your bank, email, and social media accounts
🔹 Impersonate you in online transactions

How Does SIM Swapping Work?

Hackers trick or bribe mobile carrier employees into transferring your phone number to a new SIM card. Here’s how it happens:

1️⃣ Gathering Your Personal Information

• Hackers collect your name, phone number, email, date of birth, and address from data breaches or social media.

• Some hackers even phish for personal details by pretending to be customer support agents.

2️⃣ Convincing Your Mobile Carrier to Transfer Your SIM

• Hackers contact your mobile provider (AT&T, T-Mobile, Verizon, etc.).

• They pretend to be you and claim they lost their phone or got a new device.

• If the carrier asks for security questions, they use stolen data to answer them.

• If that fails, some hackers bribe or trick employees into making the switch.

3️⃣ Taking Over Your Accounts

• Once the hacker controls your phone number, they reset your passwords.

• Most banks, social media, and email providers use SMS-based 2FA, so the hacker can receive the verification codes.

• Within minutes, they lock you out of your accounts and take control.

Real-World SIM Swapping Attacks

Case #1: Twitter CEO Jack Dorsey’s Twitter Account Hijacked

In 2019, hackers took over Twitter CEO Jack Dorsey’s Twitter account using SIM swapping. They used his phone number to reset his Twitter password and posted offensive tweets.

🔹 Lesson: If even tech CEOs aren’t safe, anyone can be a target.

Case #2: $24 Million Stolen from a Cryptocurrency Investor

In 2018, a hacker used SIM swapping to steal $24 million in cryptocurrency from investor Michael Terpin. The hacker took control of his phone number and reset his cryptocurrency wallet passwords, transferring all funds to their own account.

🔹 Lesson: Crypto investors are prime targets for SIM swap fraud.

Case #3: Thousands of Bank Accounts Hijacked

In 2021, a SIM swapping gang hijacked phone numbers across the US and drained thousands of victims’ bank accounts. Victims lost their life savings in some cases.

🔹 Lesson: If your phone number is linked to your bank account, you’re at risk.

How Hackers Use Stolen Phone Numbers

Once a hacker controls your phone number, they can:

✔ Reset Passwords – Use SMS-based 2FA to reset your bank, email, and crypto wallets
✔ Access Private Accounts – Log into your WhatsApp, Facebook, Instagram, etc.
✔ Steal Money – Withdraw funds from your bank, PayPal, or crypto wallets
✔ Blackmail & Extortion – Threaten to expose personal data unless you pay them
✔ Impersonate You – Scam your contacts by pretending to be you

How to Protect Yourself from SIM Swapping

✅ 1. Use App-Based Authentication Instead of SMS 2FA

• Avoid using SMS for two-factor authentication (2FA).

• Instead, use Google Authenticator, Microsoft Authenticator, or Authy.

• For extra security, use a physical security key (YubiKey, Titan Key).

✅ 2. Set Up a PIN With Your Mobile Carrier

• Call your mobile provider and request a PIN for your account.

• Even if a hacker calls your carrier, they can’t swap your SIM without the PIN.

✅ 3. Monitor Your Phone for Sudden Signal Loss

• If your phone suddenly loses network connection for no reason, call your provider immediately.

• This could be a sign that your SIM has been hijacked.

✅ 4. Use a Separate Email for Bank & Financial Accounts

• Don’t link your primary email to your bank account.

• Create a separate, secret email for banking and crypto accounts.

✅ 5. Use a Password Manager

• Never reuse passwords for important accounts.

• A password manager (1Password, Bitwarden, LastPass) helps generate and store unique passwords.

✅ 6. Beware of Phishing & Social Engineering

• Hackers often call victims pretending to be customer support.

• Never share your PIN, security questions, or verification codes with anyone!

✅ 7. Lock Your SIM Card with a PIN

• Set up a SIM PIN on your phone so that even if someone inserts your SIM into another phone, they can’t access it.

• On iPhone: Settings → Cellular → SIM PIN

• On Android: Settings → Security → SIM Card Lock

✅ 8. Enable “Number Lock” with Your Carrier

• Some carriers allow you to freeze your number so it can’t be transferred without your consent.

• Check if your mobile provider offers this feature.

What To Do If You Are a Victim of SIM Swapping?

🚨 If you suspect you’ve been SIM-swapped, take action immediately:

🔹 Call your mobile provider ASAP – Tell them your SIM was hijacked and request to reverse the transfer.
🔹 Change all your passwords – Start with your email and bank accounts.
🔹 Contact your bank & financial institutions – Lock your accounts and enable fraud alerts.
🔹 Check your email & social media for unusual activity – Hackers may have tried to reset your passwords.
🔹 Report to law enforcement – File a complaint with the FBI’s IC3 (Internet Crime Complaint Center) or your local police.