Criminals will pose as an account holder and request a new SIM card. Once received, this allows them to effectively take control of the victim's phone. They can then access accounts which use passcodes sent to the victim's phone such as in SMS/call based two-factor authentication.

Attackers will initially use other compromised information to bypass a company's security checks and request the new SIM. This information may be gained from leaked information on the dark web, phishing emails, or malicious software installed on user devices.


Be on the lookout for warning signs. Suddenly losing all service could indicate that a criminal has transferred your phone number to a different device. Receiving random authentication codes could also be a sign that someone is trying to breach your online accounts. Contact your phone company and financial institutions to mitigate any potential damage if you suspect any of the above.

SMS based two-factor authentication is better than nothing, however it is better to use an authenticator app instead (e.g. Google/Authy). Using these apps will protect accounts against SIM swap attacks.

As mentioned, criminals may use other personal information to bypass security checks. Make sure that you are not exposing this sort of information on any of your online profiles. This information could be your phone number itself, or information such as your address / education / mother's maiden name / banking information etc.

Many phone companies will allow you to put a unique PIN on your account.Enable this for another layer of security.

Similarly, make sure that your bank accounts have as many security procedures enabled as possible. For example, in one of these cases, Voice ID prevented a criminal from draining a victim's bank account.

Make sure that you know how to defend against Phishing attacks looking to compromise personal information used to bypass security checks - see the NCSC's guide on this at

Following on from the above point, don't download potentially malicious apps from untrusted sources, these could also steal your personal information to enable SIM swapping.

Many accounts ask you to link your phone number to them. One alternative is to obtain and use a VoIP number (Voice over Internet Protocol), if possible. Since VoIP numbers operate over the internet, they are immune to being SIM swapped.

If you are a victim of SIM Swapping, report it to Action Fraud

By using this website you agree to our use of cookies to enhance your experience. I understand

Nuclear Conference

Nuclear South West Conference 2019

The Somerset Cyber Group (with BLUELOOP being one of the members) will be exhibiting at the upcoming Nuclear South West Conference 2019 at The McMillan Theatre, Bridgwater on 2nd and 3rd October 2019.

With a theme of ‘Bringing Innovation to Nuclear’, this two-day showcase and conference highlights current and future opportunities in New Build, Decommissioning, Defence and new technologies, including SMRs. 

Our team will be on hand to discuss basic steps in good Cyber Security practice to ensure that all members of the supply chains, no matter how large or small, can ensure that they aren’t the weakest link.

For more information visit: or to book, visit: