Skip to content
Pricing
Log InStart Free TrialBook a Demo
Fraud Types

SIM Swap Fraud

SIM swap fraud is an attack in which a criminal transfers a victim's phone number to a SIM they control, hijacking calls and texts. It is used to intercept one-time passcodes and account-recovery messages, defeating SMS-based authentication and enabling account takeover.

How it works

How SIM Swap Fraud works

A phone number is a portable credential: mobile carriers can move a number from one SIM to another so customers can replace a lost or upgraded phone. SIM swap fraud abuses this legitimate porting process. The attacker convinces the carrier to reassign the victim's number to a SIM in the attacker's possession, after which all calls and texts to that number, including security codes, flow to the attacker instead of the victim.

To trigger the swap, the attacker impersonates the victim to the carrier, using personal data gathered from breaches, phishing, or social media to answer verification questions, or by socially engineering or bribing store and support staff. Once the number is ported, the victim's own phone typically loses service, an early symptom that is easy to miss or dismiss.

With control of the number, the attacker moves to take over accounts. They request password resets and one-time passcodes for email, banking, exchange, and other accounts, intercept the SMS codes, and complete logins or recovery flows that rely on the phone number as a trusted factor. Speed matters, because the window before the victim restores service and alerts providers is short, so attackers pre-stage their targets and drain value quickly.

Why it matters

Why SIM Swap Fraud matters for fraud prevention

SIM swap fraud is dangerous because it directly undermines SMS-based multi-factor authentication and phone-based account recovery, which a large share of services still depend on. A successful swap can cascade into takeover of a victim's most sensitive accounts, including email that anchors other resets, and losses, particularly in banking and cryptocurrency, can be large and fast. It highlights the risk of trusting the phone number as a possession factor, since possession can be silently transferred without the account holder's involvement.

With TRACIO

How TRACIO handles it

TRACIO reduces reliance on the phone number as the sole line of defense by adding device recognition to the logins and recovery flows a SIM swap targets. The Identification product assigns a persistent visitor ID from over 130 signals, so even when an attacker holds a valid one-time code, the login arrives from an unrecognized device rather than the victim's usual one, which is a strong signal to challenge or block. Sudden device change on a previously stable account, combined with the anonymizing networks attackers often use and surfaced by IP Intelligence and Smart Signals, lets a risk engine treat a code-correct but device-anomalous recovery attempt as high risk. This turns a stolen passcode into an insufficient credential on its own.

FAQ

Frequently asked questions

Identify every device with confidence

Start with a free plan of 2,500 API calls per month. No credit card required.