SIM Swapping Protection: How to Stop Attackers From Hijacking Your Phone Number
SIM swapping lets attackers hijack your phone number and bypass SMS-based two-factor authentication. Learn exactly how this attack works, which accounts are most at risk, and the specific steps you can take to protect yourself today.
What Is SIM Swapping and Why Should You Care
SIM swapping — also called SIM hijacking or port-out fraud — is an attack where a criminal convinces your mobile carrier to transfer your phone number to a SIM card they control. Once they have your number, every phone call and SMS message intended for you goes to them instead. That means every SMS-based two-factor authentication code, every account recovery text, and every verification call is intercepted before you ever see it.
The consequences can be devastating. Attackers have used SIM swapping to drain cryptocurrency wallets, take over email accounts, reset passwords on banking apps, and lock victims out of their own devices for days or weeks. High-profile cases include the theft of over $100 million in cryptocurrency from individual victims and the compromise of Twitter accounts belonging to public figures. But SIM swapping is not limited to wealthy targets — anyone who uses SMS-based 2FA on a valuable account is at risk.
The attack works because mobile carriers rely on knowledge-based verification — asking for the last four digits of your Social Security number, your billing address, or your account PIN — and that information is often available through data breaches, social engineering, or public records. A skilled attacker can impersonate you convincingly enough to pass these checks, especially if your personal data has already been exposed in a breach. Services like NordProtect monitor the dark web for exactly this kind of leaked data, alerting you before attackers can weaponize it.
How Attackers Execute a SIM Swap
Understanding the mechanics of a SIM swap helps you understand exactly where the vulnerabilities are and how to close them. The attack typically follows this sequence.
First, the attacker researches you. They compile your phone number, your carrier, and personal identifiers from data broker sites, previous data breaches, social media profiles, and sometimes LinkedIn or public records. Tools that aggregate leaked breach data can provide your name, address, date of birth, and the last four digits of your SSN from a single search query.
Next, they either call your carrier's customer support line directly or visit a retail store location. They claim to be you, say they lost their phone or damaged their SIM, and request a transfer to a new SIM card they already have in hand. If the carrier's verification process is weak — or if they've bribed a carrier employee, which has happened in documented cases — the transfer goes through within minutes.
Finally, with your number in their control, they trigger password resets on your accounts using the "forgot password" flow, which sends a recovery code via SMS. They change your passwords, disable your legitimate 2FA, and methodically work through your accounts before you even notice your phone has lost service.
How to Know If You've Been SIM-Swapped
The first sign is usually sudden loss of cellular service on your phone — calls fail, SMS stops delivering, and your phone shows "No Service" or "SOS Only." This happens because your number has been moved off your SIM. If this occurs unexpectedly, especially alongside unusual login alerts or password reset emails arriving in your inbox, treat it as a potential SIM swap emergency.
Act immediately: call your carrier from a different phone or via Wi-Fi calling, visit a retail store in person with government ID, and lock down your most critical accounts — email and financial — from a trusted device before the attacker can access them. Time matters. Most SIM swap attacks are carried out within 30 to 60 minutes of the number transfer.
Other signs mid-attack include: apps suddenly requiring re-login, unexpected password reset emails, or friends receiving suspicious messages from your number. Any of these combined with a service outage on your phone should trigger an immediate response.
Step-by-Step: How to Protect Yourself From SIM Swapping
The following steps address the specific vulnerabilities that SIM swap attacks exploit. Work through them in order — the first three are the highest impact.
1. Set a carrier account PIN or port-freeze. Every major US carrier (AT&T, Verizon, T-Mobile) allows you to set a separate PIN or passcode on your account that must be provided before any SIM changes are made. This is different from your account password. Set one now: log in to your carrier's website or app, go to account security settings, and set a unique PIN that you haven't used anywhere else. Use our free password generator to create one that's random and hard to guess. T-Mobile additionally offers "NOPORT" — a free block that prevents your number from being ported out without a visit to a store with government ID. AT&T offers "Extra Security" which requires your passcode for any account changes.
2. Replace SMS-based 2FA with an authenticator app or hardware key. Remove SMS as the authentication method on every important account and replace it with an authenticator app (Google Authenticator, Authy, or Aegis on Android) or a hardware security key like a YubiKey. App-based TOTP codes are generated on your device and never sent via SMS — a SIM swap doesn't give an attacker access to them. A hardware key is even stronger. Check every financial, email, and social media account you own and migrate away from SMS-based 2FA wherever the service supports it.
3. Use a dedicated, private email address for account recovery. Your primary email address is known to many services and may be in breach databases. Create a second email address used only for account recovery that you don't share with anyone and don't use for communications. Store the credentials in a password manager like NordPass or 1Password and never mention this address publicly. This makes it much harder for an attacker who has compromised your phone number to chain into your accounts via email recovery.
4. Freeze your credit with all three bureaus. SIM swapping is often a component of broader identity theft. Freezing your credit at Equifax, Experian, and TransUnion prevents attackers from opening new credit accounts in your name even if they obtain your personal information. Credit freezes are free and can be temporarily lifted when you need to apply for credit. See our guide on how to freeze your credit for step-by-step instructions.
5. Monitor the dark web for your personal data. The data attackers use to impersonate you at your carrier — your SSN partial, billing address, date of birth — usually comes from previous data breaches. NordProtect scans dark web markets and breach dumps and alerts you when your information surfaces, giving you a head start to lock down accounts before they're weaponized. Early warning is often the difference between stopping an attack and recovering from one.
6. Reduce your exposure on data brokers. Sites like Spokeo, Whitepages, BeenVerified, and Intelius compile and sell your personal information — address, phone number, relatives, date of birth. Remove yourself from these services periodically. Less data available makes social engineering attacks harder to execute convincingly.
Which Accounts to Prioritize First
Not every account carries equal risk. Focus your SIM swap protections on accounts in this priority order.
- Primary email — It's the master key to every other account's password reset flow. Lock it down with a hardware key or TOTP, remove SMS 2FA, and enable login notifications.
- Financial accounts — Bank, brokerage, and cryptocurrency exchanges are high-value targets. Crypto in particular is irreversible once sent.
- Mobile carrier account — A compromised carrier account enables the SIM swap itself. Set the carrier PIN first.
- Social media accounts — Accounts with large followings or linked financial integrations (Facebook Pay, Twitter/X monetization) are increasingly targeted.
- Work accounts — A compromised work email can expose your employer's systems and put your job at risk. Report any breach to IT immediately.
For each account type, also review connected third-party apps and revoke access to anything you no longer use — each connected app is an additional attack surface. Read our complete 2FA guide for a walkthrough on migrating every major service away from SMS.
SIM Swapping vs. Other Phone-Based Attacks
It's worth understanding how SIM swapping compares to other attacks that exploit your phone number, so you can calibrate your defenses appropriately.
| Attack Type | How It Works | Primary Defense |
|---|---|---|
| SIM Swapping | Convinces carrier to transfer your number | Carrier PIN + TOTP 2FA |
| SS7 Attacks | Exploits telecom protocol to intercept SMS | TOTP / hardware key (same fix) |
| SIM Cloning | Creates a duplicate of your physical SIM | Carrier account lock, eSIM |
| Phishing for OTPs | Tricks you into handing over SMS codes | Awareness + hardware key |
The good news: migrating away from SMS-based 2FA defends against all four attack types simultaneously. The common thread is removing SMS as a security mechanism entirely.
SIM Swapping Protection Checklist
- ☐ Set a carrier account PIN at AT&T, Verizon, or T-Mobile — use a unique random PIN from our password generator
- ☐ Enable port freeze or "NOPORT" if your carrier offers it
- ☐ Removed SMS 2FA from email accounts — replaced with TOTP or hardware key
- ☐ Removed SMS 2FA from financial accounts — replaced with TOTP or hardware key
- ☐ Removed SMS 2FA from social media accounts
- ☐ Created a dedicated, private recovery email address stored in NordPass
- ☐ Frozen credit at Equifax, Experian, and TransUnion
- ☐ Enrolled in dark web monitoring via NordProtect
- ☐ Submitted data broker opt-out requests
- ☐ Set up login alerts on critical accounts so unexpected logins trigger a notification
Recommended Tools
For storing the unique carrier PINs, recovery email credentials, and account passwords that protect against SIM swap attacks, we recommend NordPass (zero-knowledge encryption, free tier available) or 1Password for family or team use. Both support storing secure notes alongside passwords, which is useful for keeping carrier PINs and recovery codes organized.
For dark web monitoring and identity protection — especially important given that SIM swap attackers rely on leaked personal data — NordProtect scans breach databases and alerts you when your SSN, email, phone number, or financial data surfaces in criminal marketplaces.
See our full security tools guide for more recommendations on building a resilient personal security stack, and our identity theft protection guide for broader coverage of how to safeguard your personal information.
Recommended next step
Compare identity protection tools
Breach alerts and recovery support are most useful before a leaked credential turns into account takeover.
Compare identity protection tools →Keep Improving Your Account Security
- Browse the phishing hub for the complete set of related guides.
- Google Authenticator vs. Authy: Which 2FA App Should You Use in 2026?
- How to Secure Your Microsoft Account: Passwords, 2FA, and Recovery Options
- How to Secure Your LinkedIn Account: Passwords, 2FA, and Privacy Settings
- Two-Factor Authentication Guide: How to Enable 2FA on Every Important Account