Your mobile number is more than just a way to stay connected—it’s a gateway to your digital identity. And when that number falls into the wrong hands, consequences can be severe. In 2023 alone, SIM swap scams resulted in over $48 million in losses across 1,075 complaints made to the FBI’s Internet Crime Complaint Center^[1].

To help you avoid falling prey to a SIM swap scam and safeguard your personal and payment information, we’ve covered everything you need to know about these scams—from how they work to how you can recognize the warning signs and reduce the risk of becoming a target. 

You’ll also learn how using virtual cards can help you reduce the risk of payment fraud and add an extra layer of security to your online transactions.

What Is a SIM Swap Scam?

A SIM swap scam is a form of fraud where an attacker deceives your mobile carrier into transferring your phone number to a SIM card they control. Once they gain access to your number, they can intercept sensitive communications—most importantly, one-time passwords (OTPs) sent via text to authorize card transactions or account logins. 

This access might allow fraudsters to reset passwords, log into your banking or shopping accounts, steal your card details, and make unauthorized card transactions—all while you’re locked out of your phone and wondering why your signal suddenly dropped.

How Does the SIM Swap Scam Work?

SIM swap scams don’t rely on technical hacking. Instead, fraudsters manipulate the systems we use every day to carefully orchestrate attacks that exploit the link between your mobile number and your online identity.

Here’s how the scam is typically carried out:

1. Collecting your personal information—Scammers may start by gathering your personal information from leaked data sold on the dark web or your social media accounts. In some cases, they go a step further and reach out to you directly through phishing emails, messages, or phone calls (vishing) designed to trick you into revealing sensitive details.
2. Impersonating you to your mobile carrier—The fraudster usually impersonates you and contacts your mobile service provider, claiming that your SIM card has been lost or damaged and requesting that the number be transferred to a card in their possession. Thanks to the data they’ve already extracted, they may be able to answer your security questions and get the request approved. 
3. Gaining control of your accounts—At this point, the scammer effectively takes over your phone number. They may begin intercepting your calls and text messages, including any OTPs or authentication codes sent by your bank, retailers, or other service providers.

How To Detect a SIM Swap Scam

SIM swap scams can happen quickly and quietly, often before you even realize anything’s wrong. 

Watch out for these warning signs:

If you miss these warning signs, SIM swap scams can escalate fast. Take the case of the SIM swap Bank of America scam as an example. In 2024, a Bank of America customer from California suddenly lost cell service and soon discovered that $38,000 had been stolen from his account^[2]. In another case, a woman reported being locked out of her mobile and banking accounts after receiving a suspicious purchase alert—$17,000 was gone before she could act^[3].

Consequences of Falling Victim to a SIM Swap Scam

SIM swap fraud doesn’t just disrupt your phone service—it can compromise your finances, your identity, and your peace of mind. Here’s how it can affect you specifically:

• If scammers act fast and you don’t notice right away, they can drain accounts, make purchases, or steal stored funds before you can respond.
• Since your phone number is often a gateway to more sensitive data, it could put you at risk of having your identity stolen and misused elsewhere.
• If fraudulent charges go unpaid or accounts are compromised, it could lead to missed payments or even defaulted accounts.
• Recovering from SIM swap fraud by disputing the charge often means countless calls to your bank, mobile carrier, and service providers, and the added stress of restoring your digital life.

What Legal Protections Do You Have?

Under the Fair Credit Billing Act (FCBA), your liability for unauthorized credit card transactions is limited to $50^[4]. However, most major issuers offer zero-liability policies, meaning you likely won’t pay anything out of pocket.

For debit card transactions and electronic transfers, protections under the Electronic Fund Transfer Act (EFTA) vary based on when you report the fraud^[5]:

Banks may also have zero-liability policies for debit cards, offering broader protection in cases of unauthorized charges.

How To Prevent SIM Swap Scams

With the right precautions, you can significantly reduce the risk of becoming a victim of SIM swap scams. Here’s how to strengthen your defenses and safeguard your accounts:

1. Secure your mobile account with a strong password—Contact your mobile carrier to set up an account PIN or passcode, which helps prevent unauthorized SIM swaps (many carriers, such as AT&T^[6], offer this feature). See if they offer additional protections like port-out verification or account freeze features. 
2. Use a password manager for better security—You can also use a password manager like LastPass, 1Password, or Bitwarden to generate and store passwords.
3. Use an app-based authenticator—Avoid SMS-based two-factor authentication where possible. Instead, use authentication apps like Google Authenticator or Authy, which generate secure codes on your device that aren’t tied to your phone number.
4. Limit personal information online—Review your social media profiles and remove personal details that scammers could use to impersonate you. Even seemingly harmless facts like your high school or your pet’s name can be useful in answering security questions.
5. Monitor your mobile service and accounts—Watch out for suspicious activity on your mobile service and banking accounts. If anything seems out of place, contact your carrier and financial institutions to report it.

Using Virtual Cards for Securing Your Real Account Info

To strengthen your SIM swap scam protection, consider using virtual cards for online transactions. These cards generate random card numbers, expiration dates, and CVVs that act as a secure substitute for your real payment information. If your account with a merchant is compromised after a SIM swap scam, only the virtual card details are exposed—keeping your actual account safe.

While some banks like Citi and Capital One offer virtual cards, they’re typically limited to existing bank account holders. A dedicated provider like Privacy offers greater flexibility, allowing you to generate and manage virtual cards without having to open accounts with any specific bank.

Add a Layer of Security to Your Payments With Privacy Virtual Cards

Privacy is a BBB-accredited virtual card provider trusted by over 250,000 Americans. Once you securely link your bank account or debit card to it, Privacy lets you generate multiple virtual cards for one-off or recurring payments, which gives you greater control, flexibility, and security every time you pay online. 

The table below outlines the three types of Privacy cards you can choose from:

Privacy also lets you set customizable controls on your cards to help you stay in charge of your spending:

• Spending limits—Set a maximum charge amount for each card to help reduce the risk of billing errors like overcharges, duplicate charges, or hidden fees. Any transaction that exceeds the limit is automatically declined.

• Pause or close cards instantly—Easily pause or close a card to block any future charges. This is especially useful when canceling subscriptions, as some merchants may attempt to bill you after cancellation.

Standout Features of Privacy Virtual Cards

Whether you’re shopping on your laptop or managing your finances on the go, Privacy helps you save time and stay organized with these convenient features:

• Privacy Browser Extension—Available for Firefox, Edge, Chrome, Safari, and Safari for iOS, the extension autofills your Privacy Card details at checkout for a faster, smoother payment experience.
• Mobile app—The Privacy App (available for Android or iOS) lets you generate and manage virtual cards from your phone. It also sends real-time notifications for every charge or decline, so you can act quickly if something looks off.

• 1Password integration—Securely store and manage your Privacy Cards alongside your passwords within the 1Password browser extension.
• Card Notes—Add custom notes to each card, like the merchant name or next billing date, for easier tracking and organization.
• Shared Cards—Share virtual card details with trusted friends or family members without ever exposing your real payment information.

Getting Your First Privacy Card

To sign up for Privacy, you must be a U.S. resident, 18 years old or above, and have a valid checking account at a U.S. bank or credit union. If you meet these requirements, getting started is quick and simple. Just follow these four steps:

1. Create your Privacy account
2. Complete identity verification by submitting the required KYC information
3. Connect a funding source, such as a debit card or bank account
4. Generate your first Privacy Virtual Card

‍Privacy offers four monthly plans, detailed in the table below:

With the Personal plan, you can generate both Single-Use and Merchant-Locked Cards, set spending limits, pause and close cards, and manage everything easily through the mobile app and browser extension.

If you need more cards and additional features, you can upgrade to the Plus, Pro, or Premium plans and get access to:

• Category-Locked Cards
• Fee-free international transactions
• Shared Cards
• Card Notes 
• Priority support and Live Chat, available Monday to Friday, 9 a.m. to 5 p.m. ET
• 1% cashback on eligible purchases (up to $4,500 in spending per month)

References

^[1] Internet Crime Complaint Center. https://www.ic3.gov/AnnualReport/Reports/2023_IC3Report.pdf, sourced April 3, 2025

^[2] Yahoo Finance. https://finance.yahoo.com/news/california-man-says-lost-38-184500361.html, sourced April 16, 2025

^[3] WJLA. https://wjla.com/features/i-team/scams-verizon-bank-of-america-two-factor-step-authentication-cell-phone-sim-card-swap-criminals-crime-hackers-money-iphone-5g-service, sourced April 3, 2025

^[4] Federal Trade Commission. https://consumer.ftc.gov/articles/using-credit-cards-and-disputing-charges, sourced April 3, 2025

^[5]Federal Trade Commission. https://consumer.ftc.gov/articles/lost-or-stolen-credit-atm-and-debit-cards, sourced April 3, 2025

^[6] AT&T. https://about.att.com/pages/cyberaware/ae/account-protection, sourced April 16, 2025

‍