Federal Communications Commission FCC 23-95
calls used to authenticate a customer’s financial, social media, and other accounts, the bad actor may have
the means to gain access to these accounts and then change login credentials, obtain sensitive information,
drain bank accounts, and sell or try to ransom social media accounts.
12
Victims can also be harmed by the
loss of service on their devices—the phone going dark or only allowing 911 calls—which is typically the
first sign that SIM swap or port-out fraud has occurred.
8. The Commission and the Federal Trade Commission (FTC) have received hundreds of
customer complaints about SIM swap and port-out fraud.
13
Some of the complaints describe wireless
provider customer service representatives and store employees who do not know how to address instances
of fraudulent SIM swaps or port-outs, resulting in customers spending many hours on the phone and at
retail stores trying to get resolution. Other customers complain that their wireless providers have refused
to provide them with documentation related to a fraudulent SIM change, making it difficult for them to
pursue claims with their financial institutions or law enforcement. Several customer complaints filed with
the Commission allege that a wireless provider’s store employees are involved in the fraud or that
providers completed SIM changes despite the customer having previously set a PIN or password on the
account.
9. A study published in 2020 by a group of Princeton University researchers found that
some wireless providers are using insecure mechanisms to authenticate the identities of individuals
making SIM change requests.
14
The researchers opened ten pre-paid accounts each with five major
12
See, e.g., Department of Justice, U.S. Attorney’s Office, Western District of Texas, San Antonio Pair Plead Guilty
to SIM Swap Scheme (Oct. 12, 2022), https://www.justice.gov/usao-wdtx/pr/san-antonio-pair-plead-guilty-sim-
swap-scheme; Department of Justice, U.S. Attorney’s Office, Eastern District of Louisiana, California Resident
Pleads Guilty for His Role in Sim Swap Scam Targeting at Least 40 People, Including New Orleans Resident (May
18, 2022), https://www.justice.gov/usao-edla/pr/california-resident-pleads-guilty-his-role-sim-swap-scam-targeting-
least-40-people; Alina Machado, Woman Loses Life Savings in SIM Swap Scam (Aug. 26, 2022),
https://www.nbcmiami.com/responds/woman-loses-life-savings-in-sim-swap-scam/2845044/; U.S. Department of
Justice, Office of the U.S. Attorneys, District of Maryland, Two Men Facing Federal Indictment in Maryland for
Scheme to Steal Digital Currency and Social Media Accounts Through Phishing and “Sim-Swapping” (Oct. 28,
2020), https://www.justice.gov/usao-md/pr/two-men-facing-federal-indictment-maryland-scheme-steal-digital-
currency-and-social-media; U.S. Department of Justice, Office of the U.S. Attorneys, Eastern District of Michigan,
Nine Individuals Connected to a Hacking Group Charged With Online Identity Theft and Other Related Charges
(May 9, 2019), https://www.justice.gov/usao-edmi/pr/nine-individuals-connected-hacking-group-charged-online-
identity-theft-and-other (reporting the indictment of nine individuals alleged to have participated in thefts of victims’
identities to steal cryptocurrency via “SIM Hijacking”); Lorenzo Franceschi-Bicchierai, Hacker Who Stole $5
Million By SIM Swapping Gets 10 Years in Prison (Feb. 1, 2019), https://www.vice.com/en/article/gyaqnb/hacker-
joel-ortiz-sim-swapping-10-years-in-prison (reporting that a 20-year old student who stole more than $5 million in
cryptocurrency by hijacking the phone numbers of around 40 victims pleaded guilty and accepted a plea deal of 10
years in prison, believed to be the first person convicted of a crime for SIM swapping); Gertrude Chavez-Dreyfuss,
U.S. Investor Sues AT&T for $224 million over loss of cryptocurrency (Aug. 15, 2018),
https://www.reuters.com/article/us-cryptocurrency-at-t-lawsuit/u-s-investor-sues-att-for-224-million-over-loss-of-
cryptocurrency-idUSKBN1L01AA.
13
According to staff review of informal complaints submitted through the Commission’s Consumer Complaint
Center, https://consumercomplaints.fcc.gov/hc/en-us, the Commission received approximately 300 complaints in
2020 concerning SIM swap or port-out-fraud, 400 in 2021, and 500 in 2022. The FTC identified 966 consumer
reports of “Phone Carrier Switching” in 2020, 157 in 2021, and 188 in 2022. See Federal Trade Commission,
Consumer Sentinel Network Data Book 2022 (Feb. 2023), at Appx. B, p. 88,
https://www.ftc.gov/system/files/ftc_gov/pdf/CSN-Data-Book-2022.pdf. The FTC published a consumer alert
regarding SIM swap scams in 2019. Alvaro Puig, FTC, SIM Swap Scams: How to Protect Yourself (Oct. 23, 2019),
https://consumer.ftc.gov/consumer-alerts/2019/10/sim-swap-scams-how-protect-yourself.
14
See Kevin Lee, Ben Kaiser, Jonathan Mayer, Arvind Narayanan, Center for Information Technology Policy,
Princeton University, An Empirical Study of Wireless Carrier Authentication for SIM Swaps, August 2020, at Appx.,
available at https://www.usenix.org/system/files/soups2020-lee.pdf.