Article · Wikipedia archive · Last revised Jun 3, 2026

SIM swap attack

A SIM swap attack is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification in which the second factor or step is a text message (SMS) or call placed to a mobile telephone.

Last revised
Jun 3, 2026
Read time
≈ 7 min
Length
1,538 w
Citations
29
Source
Wikipedia ↗

A SIM swap attack (also known as port-out scam, SIM splitting,1 simjacking, and SIM swapping)2 is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification in which the second factor or step is a text message (SMS) or call placed to a mobile telephone.

Method

The fraud exploits a mobile phone service provider's ability to seamlessly port a phone number to a device containing a different subscriber identity module (SIM). This mobile number portability feature is normally used when a phone is lost or stolen, or a customer is switching service to a new phone.

The scam begins with a fraudster gathering personal details about the victim, either by use of phishing emails, by buying them from organised criminals,3 directly socially engineering the victim,4 or by retrieval from online data breaches.5

Armed with these details, the fraudster contacts the victim's mobile telephone provider. The fraudster uses social engineering techniques to convince the telephone company employee to port the victim's phone number to the fraudster's SIM. This is done, for example, by impersonating the victim using personal details to appear authentic and claiming that they have lost their phone. Alternatively, fraudsters bribe telecom employees to port the victim's phone number to a new SIM.6 In some countries, notably India and Nigeria, the fraudster will have to convince the victim to approve the SIM swap by pressing 1.784

Once they have a victim's personal information, attackers commonly impersonate them while contacting technical support services for their telecommunication provider and attempt to convince the employees to switch the victim's phone number to their SIM card.910 In some cases telephone company employees have been bribed by attackers to directly change SIM numbers.115 Attackers have sought out employees of companies including T-Mobile and Verizon through social media or employee directories in attempts to bribe them, sometimes promising money in cryptocurrency for each phone number they transferred.1213

Once this happens, the victim's phone will lose connection to the network, and the fraudster will receive all the SMS and voice calls. This allows the fraudster to intercept one-time passwords sent via text or telephone calls to the victim's number and thus subvert two-factor authentication methods relying on them. Since so many services allow password resets with only access to a recovery phone number, the scam allows criminals to gain access to almost any account tied to the hijacked number. This may allow them to directly transfer funds from a bank account, extort the rightful owner, or sell accounts on the black market for further identity theft and fraud.

Incidents

A number of high-profile hacks have occurred using SIM swapping, including some on the social media sites Instagram and Twitter. In 2019, Twitter CEO Jack Dorsey's Twitter account was hacked via this method.1415

In December 2018, digital currency investor Michael Terpin – the founder and chief executive officer of Transform Group – filed a lawsuit against Nicholas Truglia, and in May 2020 filed a second lawsuit against 18-year-old Irvington High School senior in Irvington, New York, Ellis Pinsky, accusing them and 20 co-conspirators of swindling $23.8 million in 2018 through the use of account information stolen from smartphones by SIM swaps. At the time, Truglia was 18 years old and Ellis was 15. Truglia was sentenced to 18 months in prison and ordered to pay back $20 million, and Pinsky was ordered to pay back $22M but, as a minor, avoided prison.1617 1819

The Microsoft Digital Defense Report 2024 stated that less than one-third of one percent of identity attacks use SIM swapping (compared to 99 percent for breach replay, password spray, and phishing).20

The US FBI received 1,600 complaints about SIM-swapping in 2021, an increase of more than 400 percent from 2018.2122 "The FBI says that victims lost $68 million to this SIM-card based scam in 2021, compared to just $12 million combined from 2018 through 2020."21 SIM swap complaints to the FBI in 2022 rose 26 percent, to 2,026, then dropped by 47 percent to 1,075 in 2023, and dropped by 9 percent to 982 in 2024. The peak in 2022 represented less than 0.3 percent of all reported Internet crimes, including phishing/spoofing (44 percent), data breach (8 percent), and identity theft (4 percent).23

SIM swap reports to the UK National Fraud Database rose over 1,000 percent from 2023 to 2024, but the 2,760 reported cases represented less than one percent of all fraud reports.24

Kenya’s Safaricom, which serves about two-thirds of Kenya’s 70 million phones, experienced a 327 percent increase in SIM swapping from 2024 to 2025, a jump from 11 cases to 47.25

In South Korea, various alleged incidents of SIM swapping attacks have been documented since the beginning of 2022. The common pattern includes victims facing abrupt disruptions in their mobile services, coupled with a notification suggesting a change. As a result, affected individuals discover that their bank and cryptocurrency accounts have been compromised.26

References

References

  1. admin (2014-05-09). "Alert – how you can be scammed by a method called SIM Splitting". Action Fraud. Archived from the original on 2018-08-23. Retrieved 2018-08-22.
  2. "NPR Search : NPR". www.npr.org. Retrieved 2019-10-25.
  3. Tims, Anna (2015-09-26). "'Sim swap' gives fraudsters access-all-areas via your mobile phone". the Guardian. Archived from the original on 2023-05-03. Retrieved 2018-08-22.
  4. "Many Bengalureans lose cash to sim card swap fraud - Times of India". The Times of India. Archived from the original on 2017-04-27. Retrieved 2018-08-22.
  5. Murphy, Margi; Bennett, Drake (August 4, 2023). "Teen Gamers Swiped $24 Million in Crypto, Then Turned on Each Other". Bloomberg Businessweek. Retrieved May 11, 2024.
  6. Zetter, Kim (2026-02-16). "Hackers made death threats against this security researcher. Big mistake". MIT Technology Review.
  7. "Experts Finger Insiders in Telcos for Rising SIM Swap Fraud – Nigerian CommunicationWeek". Nigeria CommunicationsWeek. 14 July 2018. Archived from the original on 2018-08-17. Retrieved 2018-08-22.
  8. "You will be requested to press 1 or authenticate this Swap". Gadget Now. Archived from the original on 2023-03-06. Retrieved 2018-08-22.
  9. Hartmans, Avery (12 April 2023). "A hacker ripped me off for $10,000. The scam turned out to be brilliant — and terrifying". Business Insider. Archived from the original on 24 May 2025. Retrieved 11 May 2024.
  10. Franceschi-Bicchierai, Lorenzo (9 July 2020). "Verizon Adds Protection Against SIM Swapping Hacks in Mobile App". Vice. Archived from the original on 9 August 2025. Retrieved 11 May 2024.
  11. Franceschi-Bicchierai, Lorenzo (2019-05-13). "AT&T Contractors and a Verizon Employee Charged With Helping SIM Swapping Criminal Ring". Vice News. Archived from the original on 2025-06-12. Retrieved 2020-01-23. Among the alleged criminals were also two former AT&T contract employees and one former Verizon employee, who helped the alleged criminals by providing private customer information in exchange for bribes, according to court documents.
  12. Franceschi-Bicchierai, Lorenzo (3 August 2018). "How Criminals Recruit Telecom Employees to Help Them Hijack SIM Cards". Vice. Archived from the original on 17 September 2025. Retrieved 11 May 2024.
  13. TRUȚĂ, Filip (17 April 2024). "Scammers Are Tempting Telecom Employees with $300 Bribe Offers for SIM Swapping Help". Bitdefender. Retrieved 11 May 2024.
  14. Barrett, Brian. "How to Protect Your Phone Against a SIM Swap Attack". Wired. Archived from the original on 2025-09-24. Retrieved 2019-08-31 – via www.wired.com.
  15. Brandom, Russell (August 31, 2019). "The frighteningly simple technique that hijacked Jack Dorsey's Twitter account". The Verge. Archived from the original on September 28, 2025. Retrieved August 31, 2019.
  16. Stempel, Jonathan (7 May 2020). "U.S. cryptocurrency investor sues suburban NYC teen for $71.4 million over alleged swindle". Reuters. Archived from the original on 6 March 2023. Retrieved 4 January 2021.
  17. Nadeau, Barbie Latza (8 May 2020). "15-Year-Old From Suburbs Led 'Evil Computer Geniuses' in $24M Cryptocurrency Heist: Lawsuit". The Daily Beast. Archived from the original on 4 February 2026. Retrieved 18 February 2026.
  18. Vlad Constantinescu (5 December 2022). "SIM Swapper Involved in $22 Million Crypto Heist Sentenced to 18 Months in Prison". Bitdefender. Archived from the original on 12 November 2025. Retrieved 18 February 2026.
  19. "'Baby Al Capone' Crypto Hacker Agrees to Pay $22M to His Victim". Levin Law. 19 October 2022. Archived from the original on 14 March 2026. Retrieved 18 February 2026.
  20. "Microsoft Digital Defense Report 2024" (PDF). Microsoft. Archived (PDF) from the original on 29 January 2026. Retrieved 18 February 2026.
  21. Winters, Mike (February 19, 2022). "This SIM card scam once fooled Jack Dorsey—here's how to avoid it". CNBC. Archived from the original on June 30, 2025. Retrieved February 19, 2022.
  22. Otis, Ginger Adams (February 18, 2022). "SIM-Swapping Attacks, Many Aimed at Crypto Accounts, Are on the Rise". The Wall Street Journal. Archived from the original on February 19, 2022. Retrieved February 19, 2022.
  23. "Annual Reports". FBI Internet Crime Complaint Center (IC3). Federal Bureau of Investigation. Archived from the original on 20 February 2026. Retrieved 18 February 2026.
  24. "1,055% surge in unauthorised SIM swaps as mobile and telecoms sector hit hard by rising fraud". cifas. Archived from the original on 4 February 2026. Retrieved 18 February 2026.
  25. "Safaricom SIM swap fraud investigations up 327pc". Capital Business. Capital Digital Media. 9 October 2025. Retrieved 18 February 2026.
  26. Kim, Myounghoon; Suh, Joon; Kwon, Hunyeong (August 2022). "A Study of the Emerging Trends in SIM Swapping Crime and Effective Countermeasures". 2022 IEEE/ACIS 7th International Conference on Big Data, Cloud Computing, and Data Science (BCD). pp. 240–245. doi:10.1109/BCD54882.2022.9900510. ISBN 978-1-6654-6582-3. S2CID 252625262.