What is SIM Swapping?
A social engineering attack where an attacker convinces a mobile carrier to transfer your phone number to their SIM card, hijacking SMS-based authentication.
SIM swapping is one of the most effective attacks against SMS-based two-factor authentication.
How It Works
- Attacker gathers personal information about the victim
- Calls the mobile carrier pretending to be the victim
- Convinces the carrier to transfer the number to a new SIM
- Victim's phone loses service
- Attacker receives all SMS messages, including 2FA codes
- Attacker resets passwords on bank accounts, email, crypto exchanges
Impact
- Cryptocurrency theft (millions of dollars in documented cases)
- Email account takeover
- Bank account access
- Identity theft
Protection
- Never use SMS for 2FA — use TOTP apps or hardware keys instead
- Add a PIN/passphrase to your carrier account
- Port freeze: Ask your carrier to prevent number transfers
- Don't share your phone number publicly when possible
- Use a separate number for sensitive accounts (VoIP or MySudo)
Related Terms
Social Engineering
Psychological manipulation techniques used to trick people into revealing confidential information or performing actions that compromise security. Social engineering exploits human trust rather than technical vulnerabilities.
Time-Based One-Time Password (TOTP)
A two-factor authentication method that generates temporary codes based on the current time and a shared secret, used by apps like Google Authenticator.
Two-Factor Authentication
A security method requiring two different types of identification to access an account: something you know (password) plus something you have (phone, hardware key) or something you are (biometric). This significantly reduces the risk of unauthorized access even if your password is compromised.
Have more questions?
Use our guided flow to get the right next privacy step for SIM Swapping.
Open Guided Flow