SIM Swap Attack

Attackers convince your mobile carrier to transfer your phone number to their SIM card, allowing them to intercept SMS-based 2FA codes and access your crypto exchange accounts.

Critical Severity

Technical Exploit

Common

How This Scam Works

The attacker gathers personal information about you (name, address, last 4 of SSN) from data breaches, social media, or social engineering. They call your mobile carrier pretending to be you and request a SIM card replacement or number transfer. Once they control your phone number, they receive your SMS-based 2FA codes, reset passwords on your exchange accounts, and drain your funds. The attack can happen in minutes, and you often don't realize until your phone loses signal.

Red Flags to Watch For

Your phone suddenly loses cell service for no apparent reason
You receive unexpected emails about password changes or new logins
You get notifications about 2FA code requests you didn't make
Your mobile carrier sends you a SIM change confirmation you didn't request
Calls from unknown numbers asking for personal verification details

Common Phrases Scammers Use

“This is a technical attack — there are no scammer phrases to watch for”

“The attacker impersonates you to your carrier's support staff”

“Social engineering of carrier employees is the primary vector”

What to Do Right Now

1Switch all accounts from SMS 2FA to authenticator app-based 2FA (Google Authenticator, Authy)
2Set up a carrier PIN or port-out protection with your mobile provider
3If your phone loses signal unexpectedly, contact your carrier immediately from another device
4If compromised, contact your exchanges immediately to freeze accounts
5File a police report and FTC complaint

What NOT to Do

Do not use SMS-based 2FA for any crypto exchange or wallet
Do not share personal details on social media that could be used for verification
Do not use easily guessable security questions
Do not delay contacting your carrier if you suspect a SIM swap

How to Report It

FTC Identity Theft
FBI IC3
Your mobile carrier's fraud department
Local law enforcement

Frequently Asked Questions

How common are sim swap attack scams?+

SIM Swap Attack scams are currently rated as "common" in our tracking. Anyone using SMS-based 2FA on crypto exchanges, people with public social media profiles, high-value crypto holders are the most frequently targeted groups. These scams continue to evolve, so staying informed about current tactics is essential.

Can I get my money back after falling for a sim swap attack scam?+

Recovery of crypto sent to scammers is very difficult because blockchain transactions are irreversible. Report the incident to law enforcement (FTC, FBI IC3) as quickly as possible. In some cases, if funds passed through a regulated exchange, authorities may be able to freeze them. Do not pay anyone who claims they can recover your funds — this is often a follow-up scam.

How do I know if a message is legitimate?+

Check for verifiable company registration and regulatory licenses. Search for independent reviews on trusted sites — not testimonials on the platform itself. Verify URLs carefully for misspellings. Legitimate services never ask for your seed phrase or private keys, never guarantee returns, and never pressure you to act immediately.

What should I do if someone I know is being targeted by a sim swap attack scam?+

Approach the conversation with empathy — victims are often emotionally invested and may react defensively. Share specific red flags you've noticed without being judgmental. Provide links to official scam reporting resources. If they have already sent funds, help them report to the FTC and FBI IC3 quickly. The Global Anti-Scam Organization (GASO) also provides peer support.

This information is for educational awareness only. It does not constitute legal, financial, or professional advice. If you have been the victim of a scam, contact law enforcement and consider consulting a licensed attorney.

Quick Facts

Severity: Critical Severity
Category: Technical Exploit
Prevalence: Common
Who Is Targeted: Anyone using SMS-based 2FA on crypto exchanges, people with public social media profiles, high-value crypto holders
Red Flags: 5 identified

Need Help Now?

If you are being scammed right now, stop all contact and payments immediately.

Report to FTC Report to FBI IC3

Other Scam Patterns

Fake Investment Platform

Investment Scam · Very Common

Romance / Pig Butchering Scam

Romance Scam · Very Common

Fake Crypto Job Scam

Employment Scam · Very Common

Phishing Wallet & Exchange Scam

Technical Exploit · Very Common

View all scam patterns