What Is SIM-Swap Fraud?
How criminals steal
your phone number.
SIM-swap fraud — also called SIM hijacking or port-out fraud — is when a criminal convinces your carrier to transfer your phone number to a SIM card they control. Once they have your number, every SMS verification code goes to them, not you.
1
Criminal gathers your personal info
They buy your data from breaches, scrape social media, or use phishing. They need your name, address, phone number, and sometimes last 4 of SSN.
2
They impersonate you to your carrier
By phone, in-store, or online — they claim to be you, say they lost their phone, and request a SIM transfer. Some carrier reps can be deceived.
3
Your phone goes silent
Your phone loses signal. No calls, no texts. The criminal now controls your number. Most victims don't notice immediately.
4
They reset all your accounts
Bank, email, crypto exchange, PayPal — any account using SMS-based two-factor authentication is now compromised. They receive your verification codes.
5
Money and accounts drained
Within 30 minutes they can empty bank accounts, sell crypto holdings, and lock you out of your own email. Recovery takes weeks to months.
🎯 Who Is Most at Risk?
- Anyone with cryptocurrency holdings — primary target
- People who use SMS for two-factor authentication on banking
- Anyone who has been in a data breach (most Americans)
- People who share personal info publicly on social media
- Anyone currently in the process of switching carriers
- Small business owners with mobile banking access
⚠️ Carrier Switching Window
When you switch carriers, your number temporarily goes through a port process that criminals can exploit. Digit Relay's post-port security guide walks you through locking your number immediately after activation.
Warning Signs
Recognize an attack in progress.
These signs mean you may be under attack right now. Act immediately — every minute counts.
Your phone loses signal suddenly
Unexpected loss of service — no calls, no texts, no data — when you haven't traveled and there's no outage. This is the most common first sign.
Unexpected carrier notifications
Texts or emails from your carrier about account changes, SIM updates, or number transfers you didn't request.
Locked out of accounts
Your email, bank, or social media passwords suddenly stop working. Criminals change them immediately after gaining access.
Unauthorized transactions
Bank alerts or statements showing transactions you didn't make — especially if your phone just lost signal.
Password reset emails you didn't request
Receiving password reset confirmations for accounts you didn't try to access — criminals are working through your accounts.
Calls or texts from unknown numbers
Criminals sometimes call first to confirm your phone is active before initiating the swap. Unknown calls asking for personal info are a red flag.
Your Security Assessment
Check your SIM-swap protection score.
Check off every protection you have in place. Your score updates in real time. Aim for 100%.
SIM-Swap Protection Score
Check each protection you currently have in place
0%
Protection Level
⚠️ You have no SIM-swap protections in place. Check items below to improve your score.
📱 Carrier-Level Protections
Number Lock / Port Freeze enabled at my carrier
+20 pts
The single most effective protection. Prevents any port request from being processed without your explicit approval. Available at Verizon (Number Lock), T-Mobile (Port Out Protection), AT&T (Number Transfer PIN lock), and most other carriers.
Set a unique carrier account PIN
+15 pts
Use a PIN that is not your birthday, last 4 of SSN, or any number that could be found in a data breach. A random 6-digit PIN is ideal. Store it in a password manager.
Added a verbal passcode or security question to carrier account
+10 pts
Many carriers allow you to add an extra verbal password required for any in-store or phone account changes. Call your carrier to set this up.
🔐 Authentication Security
Switched from SMS 2FA to authenticator app
+20 pts
SMS-based two-factor authentication is the primary target of SIM-swap attacks. Switch to Google Authenticator, Authy, or Microsoft Authenticator for email, banking, and any other critical accounts. These apps work even if your number is stolen.
Using a hardware security key for critical accounts
+10 pts
A physical YubiKey or similar hardware key is the strongest form of two-factor authentication. Recommended for email, financial accounts, and crypto exchanges.
Using a password manager with unique passwords
+5 pts
Reused passwords across accounts means one breach compromises everything. 1Password, Bitwarden, or Dashlane — all have free tiers. Every account should have a unique, randomly generated password.
🏦 Financial Account Protection
Bank accounts not linked to SMS verification
+10 pts
Contact your bank and switch any SMS-based verification to an authenticator app. If your bank only supports SMS 2FA, request they add alternative methods — many now support authenticator apps.
Set up transaction alerts on all financial accounts
+5 pts
Enable real-time alerts for any transaction over $1. If your number is swapped and your account is accessed, you'll know immediately even if you can't receive texts.
Crypto holdings in cold wallet or hardware wallet
+5 pts
If you hold cryptocurrency, a hardware wallet (Ledger, Trezor) keeps assets offline and inaccessible via SIM-swap. Exchange-held crypto is highly vulnerable.
👤 Personal Information Control
Removed phone number from social media profiles
+5 pts
Your phone number on Facebook, Instagram, or LinkedIn gives criminals a starting point. Remove it from all public profiles. Your phone number is not a form of identity verification — it's a liability.
Opted out of data broker sites
+5 pts
Sites like Spokeo, WhitePages, and BeenVerified sell your personal data. Use DeleteMe or manually opt out to reduce the information criminals can buy about you. Not perfect but reduces risk significantly.
Carrier-Specific Steps
How to lock your number at every carrier.
These are the exact steps to enable number lock at each major carrier. Do this before and immediately after any port.
🔴
Verizon — Number Lock
1Open My Verizon app or go to verizon.com
2Go to Account → Manage Device → Number Lock
3Toggle Number Lock ON for each line
4Confirm with your account PIN
✓ Must disable temporarily when you want to port away
🩷
T-Mobile — Port Out Protection
1Open T-Mobile app or go to my.t-mobile.com
2Go to Account → Line Settings
3Select each line individually
4Find Port Out Protection → Toggle ON
⚠️ Must be disabled per line — not per account
🔵
AT&T — Number Transfer PIN
1Go to att.com/myatt and sign in
2Go to Profile → Manage Extra Security
3Set a unique Transfer PIN (not your account PIN)
4Store it securely — required for any port request
✓ AT&T requires this PIN for all authorized ports
🟢
Mint Mobile — Account PIN
1Log into mintmobile.com
2Go to Account Settings → Security
3Set a unique account PIN
4Enable two-factor authentication on your Mint account
⚠️ Mint has no dedicated port lock — PIN is your only protection
⚪
Visible — Account Security
1Open Visible app → Account
2Enable two-factor authentication on your Visible account
3Use an authenticator app (not SMS) for Visible 2FA
4Set a strong unique password for your Visible account
⚠️ Visible has limited port lock options — account security is critical
🔷
US Mobile — Port-Out PIN
1Log in to usmobile.com and go to Account Settings
2Navigate to Security → Port-Out Protection
3Enable Port-Out Protection and set a unique PIN
4Enable two-factor authentication on your US Mobile account
✅ US Mobile supports port-out protection across all three networks — Verizon, T-Mobile, and AT&T.
🔴
Straight Talk — Account PIN
1Log in to straighttalk.com and go to My Account
2Go to Account Settings → Security
3Set a unique account PIN different from your password
4Your PIN will be required before any port-out request is processed
✅ Keep your account PIN stored securely — Straight Talk requires it for all number transfers.
🟣
Total Wireless — Account Security
1Log in to totalwireless.com and go to My Account
2Navigate to Account Settings → Security
3Set a strong unique account PIN
4Enable any available two-factor authentication options
✅ Total Wireless runs on Verizon — use the same port-out PIN vigilance as Verizon itself.
🟣
Metro by T-Mobile — Account PIN
1Log in to metrobyt-mobile.com or open the Metro app
2Go to My Account → Profile → Security
3Set a unique account PIN — required for all port-out requests
4Enable two-factor authentication on your Metro account
✅ Metro uses T-Mobile infrastructure — enabling Port Out Protection on your Metro account mirrors T-Mobile protections.
🟠
LycaMobile — Account PIN
1Log in to lycamobile.com and go to My Account
2Go to Account Settings → Security Settings
3Set a unique account PIN for port-out verification
4Contact Lyca customer support to confirm port-out PIN requirements for your line
✅ LycaMobile runs on T-Mobile — your account PIN is required before any number transfer is processed.
💚
Noble Mobile — Account Security
1Log in to noblemobile.com and go to Account Settings
2Set a unique account PIN under Security Settings
3Enable two-factor authentication if available on your account
4Contact Noble support to confirm port-out PIN and transfer requirements
✅ Noble Mobile runs on T-Mobile — secure your account PIN before switching to protect your number.
🟢
Gabb Wireless — Account PIN
1Log in to gabbwireless.com and go to Account Settings
2Navigate to Security and set a unique account PIN
3Your account number is available in Account Settings — needed for any port
4Contact Gabb support at 1-855-222-7733 to request a port-out PIN before switching
✅ Gabb is a kids-focused carrier on Verizon — parental account verification is required for all port-out requests.
🟡
Infimobile — Account Security
1Log in to infimobile.com or open the Infimobile app
2Go to Account Settings → Security
3Set a unique Transfer PIN — required for all port-out requests
4Infimobile is digital-only — all security settings managed through app or website
✅ Infimobile bills annually upfront — time your switch carefully to minimize loss of unused months.
Emergency Response
If you think you've been attacked —
act in this exact order.
Every minute matters. Do not wait. Work through these steps immediately even if you're not 100% sure.
1
Call your carrier immediately Do first
Tell them your number may have been fraudulently ported. Ask them to freeze your account and reverse the port. Carrier fraud departments operate 24/7. Verizon: 1-800-922-0204 · AT&T: 1-800-331-0500 · T-Mobile: 1-800-937-8997
2
Change passwords on email accounts Do second
Use a device connected to Wi-Fi, not your phone. Your email is the master key to all other accounts. Change the password and switch 2FA from SMS to an authenticator app immediately.
3
Contact your bank and freeze accounts
Call your bank's fraud line — not through the app, since your phone may be compromised. Ask them to freeze all accounts and require in-person identity verification for any changes. Monitor for unauthorized transactions.
4
Secure crypto and investment accounts
Log into exchanges from a computer (not your phone) and move funds to a cold wallet immediately. Revoke all active sessions. Contact exchange support if you've been locked out.
5
File reports
File a complaint with the FCC at fcc.gov/consumers/guides/filing-informal-complaint. File with the FTC at reportfraud.ftc.gov. File a police report — you'll need this for insurance and financial recovery claims.
6
Place a credit freeze
Contact all three bureaus — Equifax, Experian, TransUnion — and request a credit freeze. This prevents criminals from opening new accounts in your name. Free by law. Do this even if you don't think financial accounts were accessed.
Switching carriers? Let Digit Relay protect your port.
Every Digit Relay port includes our post-port security guide — carrier-specific number lock activation, SIM-swap risk reduction steps, and a 30-day monitoring reminder. Free for every customer.
Get Protected — Join Waitlist →