Greg's Corner

Your Phone Number May Not Be Just Yours

By Greg Collier

A recent case in Franklin County, Kentucky, highlights a troubling trend in mobile phone fraud known as SIM-swapping. Despite the name, this scam does not always involve the physical SIM card in a victim’s device. Even phones with eSIMs or those marketed as not using traditional SIM cards are still vulnerable. What matters to the scammer is control over the phone number, not the card itself.

SIM-swapping, also called “porting out,” is when a fraudster convinces a mobile carrier to transfer someone’s phone number to a new account under the scammer’s control. Once the transfer is complete, the victim’s device is disconnected from service, while the scammer now receives all calls and text messages meant for the victim. This includes two-factor authentication codes and verification messages that many financial and online services rely on for security.

In this instance, the couple discovered this scam when their phones lost service almost simultaneously. A message from their mobile provider followed, indicating that a request to change service providers had been received and was being processed. Within minutes, their numbers had been hijacked by individuals using different carriers. From that moment, their identities were essentially in someone else’s hands.

The consequences were swift and invasive. The scammers attempted to open credit accounts in their names. As the couple scrambled to regain control, they encountered the frustrating reality of automated systems and long waits for human support. In today’s digital environment, losing access to a phone number is more than just an inconvenience. It can mean losing access to email, banking, and personal communications.

Preventing SIM-swapping begins with strengthening account security. Users are advised to set up unique PINs or passcodes with their mobile carriers that must be provided before any changes are made to their accounts. Some carriers offer port protection or number lock features that make unauthorized transfers more difficult. It’s also critical to limit how much personal information is shared online, especially birthdates, phone numbers, and email addresses which can be used to impersonate a customer in support calls.

Despite the technical-sounding name, SIM-swapping is a social engineering attack at its core. It preys not on vulnerabilities in the phone itself, but on human error and the weak points in customer service systems. As more services rely on mobile phones as a gateway to personal data, awareness and proactive security measures become all the more essential.