← All Tips/SOCIAL
SOCIAL

SIM Swap Protection

Call your carrier and add a "Port-Out PIN". Your phone number is the weakest link in your security.

How SIM Swapping Works

Your phone number is tied to more of your identity than you think. Banks, email providers, social platforms — they all use your phone number as a fallback authentication method. SMS-based 2FA sends a code to your number. Password resets go to your number.

SIM swapping is when an attacker convinces your carrier to transfer your number to a SIM card they control. Once they have your number, every SMS code — every password reset link — comes to them.

The Social Engineering Script

Attackers call your carrier's support line. They have your name, address, last four of your social, and account number (bought in data breaches or gathered from social media). They tell the rep they got a new phone, need to activate a new SIM, and would like to port the number.

Many carriers have helpdesk reps with weak verification protocols. The attack succeeds more often than it should. High-profile victims have lost millions in cryptocurrency this way.

How to Protect Yourself

Step 1: Add a Port-Out PIN

Call your carrier (T-Mobile, AT&T, Verizon) and request a Port-Out PIN or SIM lock PIN. This is a separate PIN that must be provided before any SIM change or port-out is authorized. Most reps know what this is.

Step 2: Note the PIN

Write it down somewhere physical and secure. Store it in your password manager. This PIN protects your number — don't lose it.

Step 3: Switch from SMS 2FA to Authenticator Apps

SMS codes are vulnerable to SIM swapping. Replace SMS-based 2FA with:

  • Google Authenticator or Authy — TOTP codes generated on your device
  • Hardware keys (YubiKey) — phishing-proof, SIM-swap-proof

Step 4: Use a Google Voice Number for 2FA

Consider registering a Google Voice number for SMS 2FA instead of your real number. Google Voice numbers are significantly harder to SIM swap.

The Stakes

SIM swapping has been used to drain crypto wallets, take over business accounts, and enable identity theft. Your phone number is infrastructure. Treat it like a password.

One call to your carrier adds a layer that stops most SIM swap attempts cold.

Get your site properly hardened.

The Voice of Cash delivers professional security audits and hands-on implementation.

Speak to a Specialist →
← Previous
Isolate Your Database
Next →
Separate Your Lives