Key takeaways
- A phone-number takeover can intercept calls, texts, and some account-recovery codes without stealing the physical phone.
- Use a carrier PIN or number lock and stronger authentication than SMS for high-impact accounts when available.
- Unexpected loss of service is an incident signal: contact the carrier, then secure email and financial accounts quickly.
Understand the dependency
In a SIM swap, an attacker persuades or compromises a carrier into moving service to a SIM or device they control. In port-out fraud, the number moves to another carrier. The physical phone may suddenly lose calls, texts, and data while the attacker receives codes and password resets.
The FTC SIM-swap guide explains how the takeover can lead to email, bank, and social-account compromise. Map which important accounts use the number for sign-in or recovery.
Harden the carrier account
- Set a unique account PIN or passcode that is not a birth date, address, or reused bank PIN.
- Use a number lock, port freeze, or SIM-change lock when the carrier offers one.
- Secure the carrier login with strong MFA and review authorized users.
- Remove old addresses, emails, devices, security answers, and store representatives’ standing access where visible.
- Ask what notification and identity checks occur before a SIM or port change.
Move critical recovery away from SMS
SMS MFA is often better than password-only access, but it inherits the phone-number risk. Do not disable it until the replacement and recovery path are tested.
| Account | Stronger option when supported |
|---|---|
| Primary email | Passkey or hardware security key plus protected backup |
| Password manager | Phishing-resistant MFA and offline recovery code |
| Financial account | Institution-supported authenticator, passkey, or security key |
| Cloud and social | Authenticator or passkey with reviewed recovery methods |
Treat sudden service loss as urgent
- 1
Use another phone or a known carrier store to contact the carrier and reverse unauthorized changes.
- 2
Secure primary email, password manager, bank, payment, crypto, and social accounts from a trusted device.
- 3
Review password resets, sessions, transfers, new payees, forwarding rules, and profile changes.
- 4
Notify financial institutions and preserve carrier alerts, tickets, timestamps, and affected transactions.
- 5
Use IdentityTheft.gov and credit freezes if identity information or new-account fraud is involved.
Reduce the information used to impersonate you
Remove public posts that reveal full birth date, address, phone, family relationships, pet names, and other common verification answers. Treat security-question answers as random credentials rather than truthful facts when the service permits.
The FCC complaint center accepts telecommunications complaints. Reporting does not replace immediate recovery through the carrier and affected financial providers, but it can create an official record of unresolved service or porting problems.
Evidence record
Sources and methodology
We used primary public sources for the factual framework, then wrote and structured this guide independently. Links are checked during editorial review and when a guide is substantively updated.
- SIM Swap Scams: How to Protect YourselfFederal Trade Commission · Used for: Attack pattern, prevention, and immediate response
- Consumer Inquiries and Complaint CenterFederal Communications Commission · Used for: Telecommunications complaint and porting support route
This article is general educational information, not individualized financial, medical, legal, tax, cybersecurity, construction, or career advice.