How to Lock Your SIM Card to Prevent SIM Swap Attacks

Beginner Time: 10 minutes Category: Device Security

A SIM swap attack happens when a criminal convinces your mobile carrier to transfer your phone number to a SIM card they control. Once they have your number, they can intercept your text messages, receive your 2FA codes, and take over your accounts. Locking your SIM prevents unauthorized transfers and takes just a few minutes.

Why This Matters

The FBI reported that SIM swapping losses exceeded $68 million in 2021, up from $12 million the prior year. High-profile victims include Twitter CEO Jack Dorsey, whose account was taken over via SIM swap, and cryptocurrency investors who have lost millions. The attack works because carriers historically relied on easily obtained personal information like the last four digits of your SSN or your mother's maiden name to verify port-out requests. Once your number is swapped, the attacker receives all calls and texts to your number, including one-time passcodes for bank accounts and email resets.

Step-by-Step Instructions

  1. AT&T: Log in to your AT&T account at att.com or through the myAT&T app. Go to Account > Manage my device > Phone & device options, and add an "extra security" passcode to your account. This passcode is required for any SIM changes or port-out requests. You can also call AT&T customer service at 1-800-331-0500 and request a port freeze.
  2. T-Mobile: Log in at t-mobile.com or through the T-Mobile app. Go to Account > Profile > Privacy & Security > SIM Protection, and toggle it on. You can also call 1-800-937-8997 or dial 611 from your T-Mobile phone. T-Mobile also offers Account Takeover Protection which adds a PIN requirement.
  3. Verizon: Log in at verizon.com or through the My Verizon app. Go to Account > Account Security > SIM Change, and set up a Number Lock. This prevents your number from being transferred without your authentication. You can also call 1-800-922-0204 and request a port freeze PIN.
  4. For all carriers, set a unique account PIN or passcode that is different from any other PIN you use. Do not use your birthday, last four of your SSN, or other easily guessed numbers.
  5. Ask your carrier to add a note to your account that no SIM changes or port-out requests should be processed in-store or by phone without your account PIN and government-issued photo ID verification.
  6. Test your lock by calling your carrier from a different phone and attempting to make account changes. They should require your PIN before proceeding.

Common Mistakes to Avoid

  • Using a weak or guessable PIN: Do not use 1234, 0000, your birthday, or the last four digits of your SSN. Use a random 6-8 digit PIN and store it in your password manager.
  • Forgetting prepaid or secondary lines: If you have a tablet line, smartwatch line, or family member on your plan, each line should be protected.
  • Only setting a PIN but not enabling SIM lock: A PIN and a SIM lock are different features. You need both: the PIN protects account changes, and the SIM lock specifically prevents port-outs.
  • Not following up: Some carrier representatives enable protections incorrectly. After setting up the lock, call back to verify it is actually active on your account.

Additional Tips

  • Move your most important accounts (email, banking) away from SMS-based 2FA and onto an authenticator app or hardware security key. This way, even if a SIM swap succeeds, the attacker still cannot bypass your 2FA.
  • If you use a smaller carrier (Mint Mobile, Cricket, Google Fi), check their specific SIM lock procedures. Most MVNOs offer some form of account PIN protection.
  • Consider porting your number to Google Fi, which has strong SIM swap protections due to its Google account-based authentication model.

Last updated: February 10, 2026