SIM-Swap Attacks: What They Are and How to Protect Your Number
What a SIM swap actually is
A SIM-swap attack is when someone convinces your carrier to move your phone number onto a SIM card they control — usually through social engineering (impersonating you to a support agent) rather than any technical hack. Once they have your number, they can intercept the SMS codes used to reset passwords on your email, bank, and social accounts. It's one of the more damaging forms of identity theft precisely because it targets the recovery mechanism itself, not just one account.
Why it's a phone plan question, not just a "you" question
Most advice about SIM swapping focuses on personal habits — don't overshare on social media, watch out for phishing. That's real, but it skips the part that's actually in the carrier's control: how hard they make it for someone impersonating you to move your number in the first place. This varies a surprising amount between carriers and plans, and it's rarely advertised clearly at signup.
What real protection looks like
Concretely, look for:
- A port-out PIN or passcode required before any SIM or number change, separate from your account password.
- Account holder verification that can't be satisfied with information that's easy to find online (birthday, address) or leaked in prior data breaches.
- Proactive alerts when a SIM change is requested, sent to a channel the attacker doesn't control (email, a separate authenticator app — not the phone number itself).
None of this is exotic technology. It's mostly process discipline on the carrier's side, which is exactly why it varies so much from plan to plan.
How Scout weighs this
This is why "Private & secure" is one of the priorities you can select in Scout's questionnaire — plans that include real SIM-swap protection score meaningfully higher for anyone who flags it as a priority, the same way network coverage or hotspot data does. It's a concrete, checkable feature, not a marketing phrase.