SIM-Swap Attack
Also known as: SIM hijacking, SIM porting attack, port-out fraud
When a scammer convinces your mobile carrier to transfer your phone number to a SIM they control, intercepting your SMS codes and taking over your accounts.
A SIM-swap attack starts with the scammer collecting enough personal information about you to impersonate you to your mobile carrier. They call customer service, claim their phone is lost or damaged, and request the carrier to transfer your number to a new SIM card they control. Once it works, every SMS code, every OTP, every account recovery message sent to your phone goes to the attacker.
Within minutes, the attacker can reset passwords on your email, bank, and crypto accounts because the verification codes flow to their device. Victims often discover the attack only when their own phone suddenly loses service or when they get locked out of email — by then, accounts have already been drained.
The defense: ask your carrier for a port-out PIN or SIM transfer PIN. This adds an extra password required for any SIM change. In India, the Government’s Sanchar Saathi portal lets you see and disconnect any mobile number registered against your Aadhaar — closing the SIM-swap-to-OTP chain that drives most account takeovers.