Photo : Tony Webster ( Flickr

You know what’s worse than having your password stolen? Having your phone number stolen. SIM-swapping, a type of identity theft, is a means for scammers to get access to your phone number and all of the personal accounts secured through it.


The attacker calls a phone provider, pretending to be a customer, and asks to port the number they’re trying to steal to a new SIM card, possibly on a new provider. With your phone number, the attacker can access any personal information secured with your phone, including any platforms that send two-factor Authentication codes via SMS. Since these “cyberattacks” involve good old fashioned cons over the phone, the usual digital security measures we recommend will not save you.



That doesn’t mean you’re powerless, though. All four of the major phone service providers—AT&T, Verizon, T-Mobile, and Sprint—offer some measure of extra protection against SIM-Swapping if you ask for it. For starters, all four companies allow (or require) users to set up a PIN for making large account-level changes, including porting your number to a new SIM card. For Sprint and AT&T, setting up an account-level PIN is optional. T-Mobile requires customers to set a PIN before accessing certain features, such as calling customer service, though it is still on you to go online and set a PIN in the first place. Verizon requires everyone to make a PIN, and will prompt you to set it the when you access your account online for the first time.




If you have not set a PIN, you should log into your account online, go to security settings, and find the setting to add or update your PIN. Here are links to each company’s step-by-step instructions for setting up and/or changing your PIN.



Some providers offer tighter security upon request. According to Motherboard, T-Mobile has a security option called “NOPORT,” which mandates that porting your number to a new SIM or provider requires a photo ID check, which needs to take place in person at a store. That takes phone- and chat-based ruses off the table. According to the same report, Sprint also has a high-security designation called “Security Plus,” which must also be requested via customer service.



Interestingly, these high-security options don’t seem to be common knowledge and, as Motherboard points out, service providers aren’t especially keen on discussing them. The best you can do is call customer service and ask about high-security measures for your account. With T-Mobile and Sprint you can opt for the services mentioned above; at other providers, you may have to ask more broadly.



As always, when you’re talking to a provider’s customer service line, you may have to step on some toes (or at least escalate your concern) to get what you want. If you have a specific reason for asking to increase your security—not that you should need one to access these services—be prepared to bring it up.