It’s 2025, and cell phone numbers are ubiquitous. We use our phone numbers to sign up for websites and online services, from retail and banking to social media and health providers. You can use your phone number to reset a forgotten password, and even for receiving two-factor authentication codes for securely logging in to your accounts.
But if someone can steal your phone number, they can effectively become you.
With your phone number, a hacker can start gaining access to your online accounts, and even trick automated systems into thinking they are you when calling customer service. A hijacked phone number can sometimes be used to access a company’s network as if they were that employee, allowing access to sensitive files and data.
This is all the more reason to proactively protect your phone number from SIM swapping, a type of cyberattack that involves a hacker hijacking a victim’s phone number. The good news is that it’s easier than it’s ever been to lock down your number.
SIM swapping attacks usually happen when a malicious hacker calls up a cell carrier impersonating a specific customer. This hacker would use information they found online, such as a customer’s name and date of birth, and then ask a customer support representative to transfer or “port out” that number to a different SIM card or carrier. As soon as that process completes, the person’s phone number will activate on a SIM card or phone controlled by the hacker, allowing them to make calls and send and receive text messages as if they were the person they just hacked.
Oftentimes, the only sign that this has happened is if the victim suddenly loses cell service for seemingly no reason.
SIM swap attacks exploit a weakness in the security controls within a cell providers’ internal systems that let support representatives make changes to customer accounts without necessarily getting the customer’s express permission.
To combat these kinds of impersonation and deception tactics, known as social engineering attacks, three major phone carriers in the United States — AT&T, T-Mobile and Verizon — have introduced security features that make it more difficult for malicious hackers to deceptively get a customer’s account changed, such as porting out their phone number.
Take a minute or two to check your phone carrier’s account; these features are often not publicized very well and may not be enabled by default.
AT&T
In July, AT&T introduced its free Wireless Account Lock security feature to help prevent SIM swaps. The feature allows AT&T customers to add extra account protection by toggling on a setting that prevents anyone from moving a SIM card or phone number to another device or account. The feature can be switched on via AT&T’s app or through its online account portal by anyone who manages the account, so make sure that account is protected with a unique password and multi-factor authentication.
T-Mobile
T-Mobile allows customers to prevent SIM swaps and block unauthorized number port outs for free through their T-Mobile online account. The primary account holder will have to log in to change to the setting, such as switching it on or off.
Verizon
Verizon has two security features called SIM Protection and Number Lock, which respectively prevent SIM swaps and phone number transfers. Both of these features can be turned on via the Verizon app and through the online account portal by an account’s owner or manager. Verizon says that switching off the feature may result in a 15-minute delay before any transactions can be performed — another safeguard to allow the legitimate account holder to reverse any account changes.
