How to spot (and survive) a sim swap
Sim-swap fraud bypasses every two-factor SMS code in seconds. Here is how it works and how to protect against it.
What it is
Sim-swap fraud, also called sim-jacking or port-out fraud, is when an attacker convinces your mobile carrier to transfer your phone number to a sim card they control. Once they have your number, they receive your SMS codes, can reset your bank passwords, and drain accounts.
How the attack runs
Stage 1: the attacker collects personal info about you (often from data breaches sold on the dark web). Stage 2: they call your carrier pretending to be you, claim a lost or damaged phone, and request a port to a new device. Stage 3: the carrier ports your number after some basic verification questions. Stage 4: your phone goes silent (no service, no calls). Stage 5: the attacker starts triggering password resets on your bank, exchange, and email accounts.
The warning sign you only get once
Your phone shows 'No Service' for no apparent reason and stays that way. That is the only signal you get before the bank account drains. Treat sudden loss of mobile service as a security incident, not a network problem.
How to defend
(1) Set a port-out PIN with your carrier. (2) Move two-factor auth off SMS and onto an authenticator app or hardware key wherever possible. (3) Set up account-change alerts on your bank that go to email, not SMS. (4) If your phone goes silent unexpectedly, contact your carrier from a different phone immediately and ask if a port has been requested.
Practice spotting this in AVA Scam Hunter
The more you see, the faster you spot. Play AVA Scam Hunter — free, 3 minutes, no signup needed.
📚 Read the full lesson at AVA Academy
This page is a quick spotter card. The full plain-English lesson lives in the AVA Academy. Read the Sim Swap lesson → or browse all 9 lessons.