Think It’s a SIM Swap? Do This in the First 60 Minutes

If your phone suddenly lost service and, minutes later, you’re locked out of email, banking, or crypto accounts, you don’t have time to “research.” You have time to act.

A SIM swap is a race. The attacker is trying to reset passwords faster than you can stop them. The first 60 minutes determine whether this ends as an inconvenience or a financial disaster.

This checklist is ordered by impact, not convenience. Follow it top to bottom.

First, take one breath. Not a spa breath. Just enough to keep you from doing random stuff like rebooting your phone 12 times and hoping the universe fixes it.

Second, you are probably going to need a second device. Borrow a phone, grab a laptop, use a tablet, anything. In the first hour, “I don’t want to bother someone” is a luxury you do not have.

If you’re alone and your brain is spiraling, do this: read the next step out loud, do it, then come back and read the next one. This is basically a script for getting control back.

Do not wait for confirmation from your carrier.

If all of these are true, treat it as a SIM swap right now:

• Your phone shows No Service, Emergency Calls Only, or lost signal unexpectedly
• Calls and SMS stopped working while data may or may not work
• Password reset emails or security alerts just appeared
• You were logged out of major accounts without requesting it

You can verify later. Acting late is how people lose accounts permanently.

Do not try to fix this from the affected number.

Do one of the following immediately:

• Use a different phone on a different carrier
• Use a trusted friend or family member’s phone
• Use a laptop on a secure network

From now on, assume SMS and phone calls to your number are controlled by the attacker.

Your email is the skeleton key. If the attacker controls it, they control everything else.

From a safe device:

1. Change your email password immediately
2. Log out of all active sessions
3. Remove SMS-based recovery options
4. Switch 2FA to an authenticator app or hardware key
5. Check email forwarding rules and recovery addresses

If you can only secure one account in the first 15 minutes, make it your email.

Do not call regular support.

Ask for:

• Fraud department
• Port-out abuse team
• Number takeover escalation

Be explicit:

• Tell them your number was SIM swapped
• Demand an immediate SIM suspension
• Request a port freeze and account lock
• Ask when the SIM change occurred and from where

Document:

• Time of the call
• Agent name or ID
• Case or ticket number

This record matters later if money is stolen.

Prioritize accounts in this order:

1. Banks and credit cards
2. Crypto exchanges and wallets
3. Password managers
4. Cloud accounts (Apple, Google, Microsoft)

Actions:

• Change passwords
• Disable SMS recovery
• Freeze transfers if possible
• Flag the account as compromised

If unauthorized transactions already happened, do not delay reporting. Early reports strengthen reimbursement claims.

Attackers often set traps before you notice.

Review:

• Email rules and filters
• Backup recovery emails or phone numbers
• Account-level API keys or app passwords
• Newly added devices or sessions

Remove anything you do not recognize.

Even if everything seems under control, preserve proof now.

Save:

• Screenshots of service loss
• Security alert emails
• Carrier case numbers
• Bank fraud reference IDs
• Timeline of events

This documentation helps with:

• Bank reimbursement
• Carrier disputes
• Credit bureau issues
• Legal or insurance claims

What Not to Do in the First Hour

These mistakes make things worse:

‍

• Waiting for carrier confirmation before acting
• Trying to “test” SMS or call delivery
• Reusing passwords to save time
• Posting publicly for help before securing accounts

Speed beats certainty here.

If You Cannot Reach Your Carrier

Carrier support can be slow, and sometimes you will hit a wall of hold music right when you need a human. If you cannot reach the fraud team fast, do not stop moving.

Try, in parallel:

• Carrier online chat from a laptop
• A retail store visit with a simple ask: “Fraud escalation for a SIM swap”
• Any account security feature you can toggle in your carrier app

Your goal is not perfect customer service. Your goal is to stop the number from moving while you lock down email and money.

After the First Hour: What Comes Next

Once the bleeding stops:

• Recover and re-secure your phone number
• File formal bank fraud claims if needed
• Harden accounts against future SIM swaps
• Add carrier-level protections and number locks

This incident exposed a structural weakness. Fixing it prevents the next one.

If You’re Reading This After the Damage Is Done

Even if money is already gone or accounts were accessed:

• Act anyway
• Document everything
• Escalate through banks and carriers
• Do not assume it’s “too late”

Many people recover funds because they followed a clear sequence, even hours later.

Quick Reminder

A SIM swap is not a phone problem. It’s an identity takeover problem that happens to start with your number.

What you do in the first 60 minutes decides how far it spreads.

FAQs

How Can I Tell If This Is A SIM Swap Or Just A Carrier Outage?

A SIM swap usually comes with account security fallout, not just bad signal. If your phone loses service and you also start seeing password reset emails, login alerts, or you get logged out of key apps, treat it like a SIM swap. Another clue is when calls and texts stop working while other parts of your phone seem fine, or when friends say your number suddenly goes straight to voicemail. Outages do happen, but outages typically do not cause email, banking, or social accounts to start “changing” at the same time.

Should I Restart My Phone Or Remove The SIM Card?

In the first hour, restarting your phone is rarely the fix and can waste precious time. A SIM swap is happening at the carrier level, not because your phone is “glitching.” Removing the SIM can help you stop staring at the signal bars, but it does not stop the attacker from receiving texts and calls if they already moved your number to a different SIM. Your best move is to switch to a safe device and immediately secure your email and financial accounts while you contact your carrier’s fraud team.

What If I Cannot Get Into My Email Because The Attacker Changed The Password?

Go straight to your email provider’s account recovery flow from a safe device and act fast. If you still have access to a logged-in session on a laptop or another device, change the password immediately and log out other sessions. If you are locked out everywhere, recovery is now your top priority because email controls resets for almost everything else. While you are doing recovery, contact your banks and high-risk services to freeze activity, and tell them your phone number may be compromised so they do not rely on SMS to verify you.

What If The Attacker Is Using My Phone Number To Reset My Accounts?

Assume SMS verification is burned until you regain control of the number. Immediately change passwords on critical accounts from a safe device and remove SMS as a recovery or 2FA method wherever possible. Switch to an authenticator app or a hardware key for 2FA, and update recovery options to email addresses and devices you control. Also check for sneaky changes like new recovery emails, new trusted devices, forwarding rules in email, and newly created app passwords. Attackers love “quiet” persistence.

How Do I Prevent This From Happening Again After I Get Control Back?

Once you are stable, do a full “hardening” pass so the same trick does not work twice. Add a strong carrier account PIN, ask for extra verification on SIM changes, and enable any number lock or port-out protections your carrier offers. Then upgrade your account security: stop using SMS for 2FA, use an authenticator app or hardware key, and audit recovery settings everywhere. Finally, change any reused passwords and consider freezing your credit if personal information may have been exposed. The goal is simple: make your phone number less powerful as an attack route.

‍