We value your privacy

We use cookies to enhance your browsing experience and analyze traffic anonymously for internal statistical purposes. By clicking “Accept all,” you consent to the use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site.... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

  • Cookie
    cookieyes-consent
  • Duration
    1 year
  • Description

    CookieYes sets this cookie to remember users' consent preferences so that their preferences are respected on subsequent visits to this site. It does not collect or store any personal information about site visitors.

  • Cookie
    _GRECAPTCHA
  • Duration
    180 days
  • Description
    This cookie is used by the Google reCAPTCHA service to protect the site from spam and abuse, distinguishing between real users and bots. It performs a risk analysis by collecting information on browsing behavior and device details, such as mouse movements, keystrokes, and technical data.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

  • Cookie
    language
  • Duration
    1 anno
  • Description

    This cookie is used to store the user's language preference.

  • Cookie
    post_viewed_
  • Duration
    1 ora
  • Description

    This cookie prevents a single visit to an article from being counted multiple times when the page is refreshed.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

  • Cookie
    _ga_*
  • Duration
    1 anno 1 mese 4 giorni
  • Description

    Google Analytics sets this cookie to count visitors to the page

  • Cookie
    _ga
  • Duration
    1 anno 1 mese 4 giorni
  • Description

    Google Analytics sets this cookie to calculate visitor, session, and campaign data and track site usage for site analytic reporting. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

Guides

SIM swapping: the silent digital theft

Learn what SIM swapping is, how it works, why it’s dangerous, and how to protect yourself from this growing cyber threat linked to cryptocurrencies.

The silent digital theft

13 June 2025

Table of contents

  • SIM swapping: what it is and how it works
  • How criminals take control of your SIM card
  • The final stage: tricking the carrier
  • After the SIM swap: total digital control
  • Why SIM swapping is extremely dangerous
  • How to defend against a SIM swapping attack
  • SIM swapping and cryptocurrency: a dangerous combination
  • Warning signs that should alert you

In an increasingly digital world, cybercriminals constantly refine their methods to steal data, money, and identities.

One of the most insidious techniques is SIM swapping (also known as SIM swap, SIM clone, or SIM hijacking). This attack allows hackers to take control of your phone number, intercepting calls, messages, and especially the security codes used to access bank accounts, emails, and cryptocurrency wallets.

In this article, we’ll explore what SIM swapping is, how it works, why it’s so dangerous, how to detect it, and how to defend yourself effectively.

SIM swapping: what it is and how it works

To understand how dangerous the phenomenon of SIM swapping is, it is essential to start from its definition. But what is SIM swap?

SIM swapping is a cyberattack that involves fraudulently transferring a victim’s phone number to a new SIM card controlled by the attacker. By doing this, the criminal hijacks the victim’s identity — at least digitally — and can receive all the SMS messages, calls, and most importantly, 2FA codes used to access online services.

In practice, the scammer convinces the telephone operator to transfer the victim’s telephone number to a new SIM in their possession. Once this step is completed, the attacker can receive calls, SMS and above all OTP (One-Time Password) codes sent via SMS to access bank accounts, emails, social networks and cryptographic services.

This is not a real technical SIM cloning, but a fraudulently authorized migration of the number to a new card: a real identity theft, both digital and telephone.

How criminals take control of your SIM card

The first stage of a SIM swapping attack is the theft of personal information. Without enough data about the victim, a cybercriminal can’t impersonate them convincingly enough to trick the mobile carrier.

Let’s look at how attackers gather this sensitive data — with practical, real-world examples for each method.

Phishing: the classic bait

One of the most common tactics is phishing — the act of sending deceptive messages that appear to come from legitimate sources, such as banks, telecom providers, or delivery services. These messages urge users to input personal data on fake websites.

Example
You receive an SMS that looks like it’s from your mobile provider:
“Your SIM has been temporarily suspended. Please verify your identity here.”
You click on the link, which leads to a realistic-looking page asking for your full name, ID number, SIM serial number, and perhaps even a scan of your ID. Once submitted, all this data goes straight to the criminal.

Data breaches: goldmines of personal info

Criminals often exploit data breaches, where large databases of customer information are leaked and sold on the dark web. These dumps include email addresses, phone numbers, addresses, IDs, and even passwords.

Example
An attacker purchases a leaked database from an online store’s breach and finds the record for Maria Rossi: full name, mobile number, address, email, tax ID, and even date of birth. With this, they’re fully equipped to contact Maria’s mobile carrier and convincingly impersonate her to request a SIM replacement.

Social engineering and OSINT (Open-Source Intelligence)

Social engineering relies on manipulating people rather than systems. Sometimes, attackers gather valuable intel just by browsing your public social media profiles.

Example:
John frequently posts on Facebook and LinkedIn. From his public posts, an attacker discovers:

  • His workplace and position
  • His city of residence
  • His birthday
  • Family member names (from tagged posts)

With this info, the attacker calls the mobile provider and answers security questions like “What’s your birthdate?” or “What’s your mother’s maiden name?” — answers easily found online.

The criminal now has a convincing case to request a new SIM card under John’s number.

The final stage: tricking the carrier

With enough personal data, the attacker moves to the next phase: contacting the mobile carrier and pretending to be the victim. The story is typically one of the following:

  • “I lost my phone and need a replacement SIM.”
  • “My SIM card is damaged and I need a new one.”
  • “I’m travelling and can’t receive texts — please help!”

Depending on the level of verification in place, the criminal may even provide forged documents or just rely on charm, urgency, or pressure to manipulate the support agent.

Real case: Michael Terpin’s SIM swap incident

In 2018, crypto investor Michael Terpin was the victim of a devastating SIM swapping attack. Hackers convinced his mobile carrier (AT&T) to reassign his number to a new SIM, despite prior account protection.

In a matter of hours, they bypassed his 2FA, gained access to his cryptocurrency wallets, and stole over $24 million in digital assets. Terpin later filed a lawsuit against the carrier for failing to safeguard his account.

After the SIM swap: total digital control

Once the number has been successfully ported to a new SIM, the attacker gains complete control of all services linked to that phone number. They can now:

  • Receive OTP codes via SMS
  • Reset passwords on online accounts
  • Access crypto wallets with SMS-based 2FA
  • Take over social media profiles
  • Lock the real user out of their own accounts

Most victims only realize what’s happened after losing access, noticing unauthorized activity, or when their phone loses signal altogether.

This process demonstrates how relatively easy it can be to clone a phone number when armed with enough personal data.

The simplicity — and the potentially devastating consequences — are what make SIM swap attacks one of the most dangerous forms of identity theft today.

Extremely dangerous attack

Why SIM swapping is extremely dangerous

A SIM swap attack is not just an annoying inconvenience: it can turn into a real financial and personal disaster. The reason? Today our phone number is the digital access key for many services.

Two-factor authentication (2FA), considered for years a valid method of protection, is often based on sending codes via SMS. Here are some scenarios in which the SIM swapping attack becomes devastating:

  • Access to online bank accounts
  • Password recovery via SMS
  • Access to cryptocurrency wallets
  • Control of social media accounts (for extortion or scams)
  • Access to emails, personal data, health documents

Once inside, the attacker can empty bank accounts, transfer crypto assets, change passwords and even block access to the victim, who only realizes too late that the SIM has been cloned.

How to defend against a SIM swapping attack

Protecting yourself from a SIM swap attack requires awareness, a proactive mindset, and the implementation of multiple layers of security.

No single method will completely eliminate the risk, but combining best practices can make you a much harder target. Below are the most effective strategies, explained with real-life examples.

1. Avoid SMS-based two-factor authentication (2FA)

SIM swappers rely on intercepting one-time passwords (OTP) sent via SMS. This makes any system that relies on SMS for two-factor verification (2FA) weak.

What to do:
Switch to authenticator apps that generate codes locally and don’t depend on your phone number:

  • Google Authenticator
  • Microsoft Authenticator
  • Authy (which also offers encrypted cloud backups)

Example:
Marco used to log into his PayPal account with SMS-based 2FA. After learning about SIM swap attacks, he switched to Google Authenticator. Now, even if someone hijacks his number, they can’t access his account without the app-generated code.

2. Protect your personal information

The information we share online is often enough for a SIM cloning attack. Innocent posts on social networks, comments, public profiles… everything can be used against us.

What to do:

  • Make your social media profiles private.
  • Don’t share sensitive info (birthday, phone number, address) online.
  • Avoid putting your number on public websites or forums.

Example:
Lucia has always put her WhatsApp number in her Instagram bio to facilitate professional contacts. After discovering that an attacker had used it to simulate a SIM change request, she decided to remove the number and use a contact form on the website.

3. Set a PIN on your SIM and carrier account

Many mobile providers allow users to set a SIM PIN or account security code, preventing unauthorized changes.

What to do:

  • Set a SIM PIN from your phone’s security settings.
  • Ask your provider to enable an account PIN or secret passphrase.

Example
Francesco uses Iliad, which allows you to protect your line with a PIN and a PUK code. He activates the PIN every time he turns on his phone: so, even if the device is physically stolen, the SIM cannot be used without the code.

4. Request a SIM swap block from your carrier

Some carriers offer the option to lock your account against remote SIM card changes. Any attempt to transfer your number will require in-person ID verification.

What to do:

  • Contact your mobile carrier’s customer service.
  • Ask if they can add a “no remote SIM swap” flag or similar security lock.
  • Set strict verification methods.

Example
Anna calls her mobile provider and requests a carrier lock on her account. From then on, SIM replacements can only be done in person with a valid ID. Even a well-prepared fraudster couldn’t bypass that without her physical presence.

5. Enable login and security alerts

Most major services (Gmail, Facebook, Instagram, Amazon, crypto exchanges) allow you to receive notifications when:

  • A new device logs into your account.
  • A password is changed.
  • Your phone number or email is modified.

What to do:

  • Go to your account’s security settings.
  • Turn on all email/push alerts.
  • Add a secondary recovery email for redundancy.

Example
Giulio receives an email from Google: “New sign-in from unknown device in Romania.” He immediately resets his password and secures his account before any serious damage is done.

6. Use strong and unique passwords for every account

Many users use the same password for multiple services. This is a very serious mistake: if an attacker gains access to one site, he can automatically try it on all the others. In cyber this is called credential stuffing.

What to do:

  • Use a password manager like Bitwarden, 1Password, or Dashlane.
  • Create unique, complex passwords for every service.
  • Change your most critical passwords regularly.

Example
Roberto used the same password for his email and a forum that was breached. A criminal used it to access his email, then executed a SIM swap to gain full control. Since then, Roberto uses Bitwarden and has a different password for each account.

7. Regularly monitor your accounts

Don’t wait until it’s too late: periodically checking your accounts allows you to catch suspicious activity before it becomes irreparable.

What to do:

  • Review login history on platforms like Google, Facebook, and Instagram.
  • Log out devices you don’t recognize.
  • Verify that recovery emails and phone numbers are still correct.

Example
Serena checks her Google account activity every week. One day, she spots a login from Russia. She quickly revokes access, changes her password, and enables 2FA using an authenticator app.

BONUS: Use a separate phone number for sensitive accounts

A good way to reduce the risk of SIM swap attacks is to use two numbers:

  • One for everyday use (calls, social media, etc.)
  • One dedicated solely to bank logins, crypto wallets, or secure services

Example
Davide activates a secondary SIM only to receive authentication codes for crypto services and the bank. He doesn’t share it with anyone and never uses it on social media. Even if his main number is cloned, his most important accounts remain safe.

SIM swapping and cryptocurrency: a dangerous combination

The rise of cryptocurrencies has made SIM swap fraud more attractive to cybercriminals. Many crypto investors and influencers store large amounts of value in wallets protected by SMS-based 2FA. If a hacker gains access to that number, they can bypass security, transfer funds, and disappear without a trace.

Once hackers have a victim’s number, they can steal Bitcoin, Ethereum, or other digital tokens, often without the possibility of recovery, since the transactions are irreversible. Some of the most high-profile scams have involved crypto influencers, who have seen hundreds of thousands of euros worth of funds disappear in a matter of minutes.

Warning signs that should alert you

Realizing you’re a victim of a SIM swapping attack isn’t always immediate, especially if you’re not tech-savvy or familiar with cyber security threats.

However, there are clear warning signs that should never be ignored. Recognizing these symptoms early can help you stop the attack or at least limit the damage. In these situations, timing is everything: acting quickly can be the difference between a minor issue and a complete digital disaster.

1. Your SIM suddenly stops working

One of the most common symptoms is your SIM suddenly becoming inactive for no apparent reason:

  • Your phone shows “No Service” or “Emergency Calls Only”
  • You can’t make or receive calls
  • SMS messages fail to send
  • Mobile data doesn’t work, or you’re unexpectedly roaming

Example
Chiara is at home on Wi-Fi and doesn’t notice that her iPhone displays “No Service.” When she tries to send an SMS to receive an OTP from her bank, she realizes she can’t use mobile services anymore. Her number has already been transferred to a fraudster’s SIM card.

2. Suspicious login notifications by email or app

Many online services will alert you by email or notification if:

  • There’s a login from a new device
  • A sign-in occurs from an unusual location
  • Your password or phone number is changed

Example
Stefano receives an email from Google: “New sign-in from a device in Bucharest.” But he’s in Rome. This is a major first red flag: the attacker has taken over his SIM and is trying to access accounts tied to his number.

3. Unexpected password reset messages

If you start getting emails or notifications about password resets from services like Instagram, Gmail, Amazon, Binance, or WhatsApp — and you didn’t request them — this is a serious alarm.

Example
Federica receives five emails from different services in a few minutes: “You have requested a password reset.” She has done nothing. This behavior is typical of a SIM swap attack in execution, where the hacker tries to take control of all the victim’s accounts.

4. You stop receiving SMS from banks or contacts

A sudden stop in receiving SMS messages is a major clue. If friends or banks say they’ve texted you but you haven’t received anything — or you’re not getting OTP codes from banks or services — something’s wrong.

Example
Alessio tries to log into his online banking, but the confirmation SMS code never arrives. After a few failed attempts, he realizes he isn’t receiving any messages at all — not even from friends or family. At this point, he realizes his number has been cloned.

5. Access denied to your online accounts

Another serious sign is being locked out of your digital accounts:

  • Passwords don’t work, even though you know them are correct
  • The recovery phone number has been changed
  • Recovery email addresses have been replaced

Example
Monica tries to log into her Coinbase account, but her password has been changed. She tries a reset, but the code never arrives by SMS. When she checks for email recovery, she finds the address has also been altered. The attacker now has complete control over her account and crypto wallet.

Final thoughts: awareness is your best protection

SIM swapping is a silent but devastating attack. It strikes at the heart of our digital identity: the phone number. And while it is not possible to completely eliminate the risk, increasing awareness and adopting adequate security measures is the best way to protect yourself.

Remember: it is not just about technology, but about behavior. SIM cloning does not happen by chance, but thanks to a chain of naivety and carelessness. Breaking this chain is the first step towards security.

Questions and answers

  1. What is SIM swapping?
    It’s a scam where a hacker transfers your phone number to their SIM to intercept calls and SMS, gaining access to your accounts.
  2. How does SIM swap work?
    The attacker gathers your personal data and tricks your mobile carrier into switching your number to a new SIM card.
  3. How can I tell if my SIM was cloned?
    You might lose signal, stop receiving SMS, or get locked out of accounts unexpectedly.
  4. What should I do if I’m a SIM swap victim?
    Immediately contact your mobile provider, change all passwords, and report the incident to authorities.
  5. Why is SIM swapping dangerous?
    It allows hackers to intercept 2FA codes and take control of your banking, email, crypto wallets, and more.
  6. Can someone clone my SIM without access to my phone?
    Yes, if they have enough personal information, they can do it remotely through social engineering.
  7. How can I protect myself from SIM swap attacks?
    Use authenticator apps instead of SMS, secure your data, and enable account PINs with your carrier.
  8. Is SIM swap fraud a crime?
    Absolutely. It’s considered identity theft and financial fraud in many jurisdictions.
  9. Why are crypto users targeted in SIM swap scams?
    Crypto wallets often rely on SMS 2FA, making them attractive to hackers looking for quick, irreversible gains.
  10. Who is most at risk?
    High-profile individuals, crypto holders, and anyone with poorly secured personal data online.
2
To top