It can be staggeringly easy for a scammer to steal your number. They start by collecting personal information about you from social media, previous data breaches or phishing messages and phone calls.
Next, they contact your mobile network provider posing as you - over the phone, online or in-store - to convince it to switch your number to a new Sim card that they possess, using the personal information they gathered to pass any security checks. They may stick with the same network, pretending the old Sim is missing or damaged, or ask to switch to a new network by requesting the Porting Authorisation Code (PAC).
Once your number is linked to their own Sim, a scammer will attempt to get into your banking, email and social media accounts, knowing that login often requires one-time passwords or passcodes (OTPs) sent by text.
Sim-swap fraud reports
We asked Action Fraud, the national reporting centre, to tell us how many reports of Sim-swap fraud it has received since 2020.
It said reporting volumes halved between 2020 and 2021 and remained stable the following year, but almost doubled from 558 in 2022 to 1,070 in 2023, reaching 2,037 at the end of November 2024.
Hacking into accounts and racking up debt
Ellie faced debts totalling £2,200 after criminals attempted to take over her phone number in September. The first she knew of anything strange was a text from her network provider, EE, confirming the order of a new eSim (a virtual version of a physical Sim card).
She quickly called EE to explain that this had nothing to do with her, assuming that would be the end of it. But then she spotted that her email address had been changed in the EE app. Minutes later, she received a call from 'Adam with the EE fraud team'. He told her they needed to take action to secure her account, cleverly warning her that he would send a security code that should never be shared with anyone outside of the EE fraud team. This scammer used the code to activate the eSim linked to her phone number.
Around 10 minutes later, Ellie received notifications about someone logging in to her NatWest account and changing her email password. She was able to secure NatWest in time, but couldn’t stop two purchases of £699 at Argos in quick succession via her Klarna account. She later discovered that the scammers had also found their way into PayPal (an account that she hadn’t used in years) to successfully apply for £800 credit and spend almost every penny.
Ellie thinks they triggered security checks linked to her phone number, although EE says there's a 24-hour lead time for new Sims to activate and it blocked the number within this timeframe (meaning the scammer couldn’t have received any messages). It’s possible they reset passwords via her compromised email address instead, although her phone number was the initial target.
Despite reporting the fraud to Klarna and PayPal, Ellie was told there was no evidence of unauthorised activity so she would remain liable for the repayments. She went back and forth for nearly two months, raising formal complaints, but was unable to convince anyone that this wasn’t her debt to pay.
Many big banks have access to mobile network data to check if your Sim has recently been swapped or ported before sending sensitive data by SMS, although this is not widely used by other payment providers.
It was only when Which? stepped in to speak to both providers on her behalf that the debts were written off and marked as fraud, leaving no credit mark on her file.
PayPal said it takes its responsibilities to look after people’s money very seriously and uses ‘advanced fraud and risk management tools’ to keep customers safe. It declined to comment on Ellie’s case for privacy reasons, but said it was ‘sorry’ to learn of her experience and confirmed that the case was resolved positively.
Klarna told us this was a sophisticated fraud attempt, as the scammer entered a valid OTP, but admitted it should have handled her complaint better and apologised.
An EE spokesperson said: ‘We’re sorry that Ellie has been targeted by scammers. As soon as we were alerted to suspicious activity, we took steps to secure her EE account. We encourage all our customers to remain vigilant, and if they spot strange activity on their account, to contact us immediately.'
Why has Sim-swap fraud spiked?
Indeed, eSims are actually less prone to other threats, because scammers can’t pretend they’ve been lost or damaged in order to order a new one, and they can't be physically removed by a thief.
When we asked Action Fraud if could offer any insight, it suggested the surge in fraud reports is likely due to an increase in public awareness of Sim swapping. It's due to publish a full report into Sim-swap fraud next month, which may shed more light on the issue.
Find out more:source https://www.which.co.uk/news/article/sim-swap-fraud-doubles-year-on-year-how-scammers-steal-your-phone-number-aB0TF1O6hUrv