Scammer hijacks your phone number to bypass two-factor authentication
A criminal impersonates you to your mobile carrier, convincing them to transfer your phone number to a SIM or carrier they control. With your number, they intercept SMS authentication codes to take over bank, email, and financial accounts.
Also known as: SIM swap fraud, port-out scam, phone number hijacking, SIM hijacking
Already happened to you? Do this in the next few minutes
- 1 Call your bank or card's fraud line right now. Use the number on the back of your card — not any number from the message or caller. Ask them to stop or reverse the payment and freeze the account.
- 2 If you paid by gift card, wire, or an app (Zelle, Venmo, Cash App): contact that company immediately and report it as fraud. Acting fast sometimes recovers the money.
- 3 Report to the FBI at ic3.gov and the FTC at reportfraud.ftc.gov. The sooner, the better.
What to do right now
- 1 Contact your mobile carrier immediately if your phone loses service without explanation
- 2 Set a unique PIN or passphrase on your carrier account to block unauthorized SIM changes — do this proactively before an attack occurs
- 3 Switch from SMS-based two-factor authentication to an authenticator app (such as Google Authenticator or Authy) for all important accounts
- 4 Contact your bank immediately if you suspect account access has been compromised
- 5 Report to the FTC at https://reportfraud.ftc.gov and the FBI's IC3 at https://www.ic3.gov.
Red flags
- ⚠ Your phone suddenly loses all service — calls, texts, and data — for no apparent reason
- ⚠ You stop receiving calls or texts unexpectedly
- ⚠ Your carrier sends a notification about a SIM change or port-out you did not request
- ⚠ Bank, email, or social media accounts send unexpected password-reset notifications
Known variants
-
Attacker uses stolen carrier-account credentials to generate a remote eSIM activation QR code without visiting a store. They scan it on their device, deactivating the victim's physical SIM. All SMS authentication codes are rerouted to the attacker, who then drains bank and crypto accounts via intercepted OTPs.
Last seen: 5/30/2026