Skip to main content
    Back to Alerts
    CRITICAL
    identity_theft

    SIM Swapping Attacks Bypassing 2FA

    March 27, 2026Updated Mar 27, 2026US, CA, GB, EU, GLOBAL
    Phone Carriers
    Banking Apps
    Email

    Overview

    A surge in SIM swapping attacks where hackers take over victims' phone numbers to bypass two-factor authentication and drain bank accounts.

    Expert Analysis

    GetCyberRight Analyst Assessment

    This analysis was prepared by our security team based on verified threat intelligence and official sources.

    The FBI reported over $68 million in SIM swapping losses in 2023. Attackers social-engineer phone carriers into transferring a victim's number to a new SIM card. With the victim's phone number, they receive all SMS-based 2FA codes, enabling them to reset passwords on banking, email, and cryptocurrency accounts.

    Indicators of Compromise

    tactic
    Phone suddenly loses service

    Victim's phone shows 'No Service' or 'SOS only'

    tactic
    Unauthorized account password resets

    2FA codes redirected to attacker's device

    What You Should Do

    1

    Set a PIN or passphrase with your phone carrier immediately

    2

    Switch from SMS 2FA to authenticator apps (Google Authenticator, Authy)

    3

    Use hardware security keys for your most important accounts

    4

    Enable SIM lock or port-out protection with your carrier

    5

    Limit personal information shared publicly on social media

    6

    If your phone loses service unexpectedly, contact your carrier immediately

    Sources