SIM Swapping is a term used when hackers steal a victims phone number and port or switch that number to a different SIM card in a different cell phone in a hacker’s possession. When the hacker has control of the phone number, they are able to gain access to emails, social media accounts, and even cryptocurrency accounts that are normally protected by SMS-based 2-factor authentication.
SIM Swapping typically occurs through social engineering, the act of manipulating people who have access to the SIM card technology into switching that SIM card to their own device for malicious purposes. Other times, hackers just outright bribe a sales agent at a cell phone carrier store with cash payments to make the swap.
This is why NIST has deprecated SMS two-factor from the list of preferred methods to accomplish two-factor. It is simply too easily compromised. That leaves the physical tokens (securID, Yubikey as examples) and software solutions such as Google Authenticator, Microsoft Authenticator and others as preferred methods.
Related Term: Remote Desktop Protocol (RDP), Social Engineering
Related Readings: CyberHoot Blog: A Deep Dive into SIM Swapping
Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.
Newly discovered Android banking Remote Access Trojan (RAT), dubbed Klopatra, has compromised more than 3,000...
Read more
In June 2025, KNP Logistics Group, a transport company in the UK with 500 trucks and nearly two centuries of...
Read more
Vulnerability scanning and it's human led partner penetration testing (aka "pentesting") are excellent and...
Read moreGet sharper eyes on human risks, with the positive approach that beats traditional phish testing.
