Gathering Personal Information – Attackers collect personal data about the victim through phishing, data breaches, social engineering, or other means.

Contacting the Mobile Carrier – The fraudster impersonates the victim and contacts the mobile carrier, claiming a lost or stolen SIM card and requesting a transfer to a new one.

Bypassing Security Checks – The attacker may use stolen data to answer security questions or manipulate customer service representatives to approve the SIM change.

Activating the New SIM Card – Once the carrier transfers the number to the new SIM card, the attacker gains control of the victim’s phone number.

Intercepting Sensitive Data – The fraudster can now receive calls, text messages, and one-time passwords (OTPs), which are often used for two-factor authentication (2FA). This enables access to bank accounts, social media, email, and other critical services.

Enable SIM Lock – Set up a PIN for your SIM card to prevent unauthorized transfers.

Use Strong Authentication – Opt for app-based authentication (e.g., Google Authenticator, Authy) instead of SMS-based 2FA.

Set Up a Carrier PIN or Passcode – Many carriers offer additional security layers such as requiring a PIN or passcode before making account changes.

Monitor Account Activity – Regularly check your mobile carrier account for unauthorized changes.

Be Cautious of Phishing Attempts – Avoid clicking on suspicious links or sharing personal information over the phone, email, or text messages.

Enable Account Alerts – Set up notifications for login attempts and changes to sensitive accounts.

Consider a Separate Number for Banking – Use a different phone number, not widely shared, for financial transactions and sensitive services.