Mobile Number Hijacking

Robert Broxup

Many people don’t think much about their phone numbers. They feel replaceable, something you keep until you switch providers, upgrade a handset, or lose a SIM. But today, your number is more than just a way to call or text. It’s one of the master keys to your identity. Banks, email services, and social platforms use it to decide whether you are really you. Mobile number hijacking allows attackers to steal your number and use it as a gateway into your digital life. When it happens, it’s usually quick, silent, and devastating.

What is mobile number hijacking?

Mobile number hijacking occurs when someone persuades your provider to transfer your number to a SIM card under their control. The moment it works, your phone goes dead. Calls and texts stop reaching you and instead flow to the attacker, including the one-time passcodes banks and services send by SMS.

With your number, an attacker can:

  • Reset passwords for email, social media, and bank accounts.
  • Bypass two-factor authentication that relies on text messages.
  • Impersonate you to friends, family, or colleagues.
  • Drain money or harvest personal data before you realise what’s happened.

How does it happen?

Criminals prepare carefully:

  • Data gathering – Collecting personal details such as name, address, and date of birth from phishing, social media, or leaked databases.
  • Exploiting weak checks – Taking advantage of providers that still rely on simple, easy-to-fake identity questions. In some cases, insiders have assisted.
  • Impersonation – Contacting the provider, posing as you, and requesting that the number be moved to a new SIM.

Where criminals get your information

To make impersonation believable, attackers first gather personal details that let them sound convincing. They assemble fragments of data from public, commercial, and illicit sources until they can pass themselves off as you.

  • Data brokers collect, package, and sell information found in public records. Scammers can buy your phone number from these companies.
  • Public social media profiles. Many social media and other sites ask for a phone number when signing up, with some leaving that information publicly available.
  • Fraudsters can send fake emails asking you to confirm personal information and contact details or pressuring you into calling them.
  • Phone scammers use tools that automatically call random or sequential phone numbers, hoping that unsuspecting victims will pick up.
  • If you’ve been the victim of a scam in the past, you may be on a target list that scammers share with each other.
  • Spyware and other malware infections. Hackers can trick you into downloading software that allows them to spy on you or steal personal information, such as your phone number.
  • Hacking unsecured Wi-Fi networks. If you enter your phone number on a website while using public Wi-Fi, hackers may be able to spy on you or intercept the data.
  • Stolen mail. Some scammers prefer old school methods, such as mail theft, to collect sensitive personal details and contact information.

Once successful, speed is the weapon. Accounts can be reset and funds transferred within minutes.

Warning signs

You can’t always spot an attack in advance, but watch for:

  • Sudden loss of mobile signal.
  • Unexpected account lockouts.
  • Password reset messages or login alerts you didn’t trigger.
  • Fraud warnings or unrecognised transactions.

How to protect yourself

You can’t make yourself completely immune, but you can make attacks harder to pull off:

  • Share less personal information. Limit what you post publicly, especially birthdays, addresses, and work history.
  • Use strong, unique passwords. A password manager helps avoid reuse across accounts.
  • Switch to app-based authentication. Apps like Microsoft Authenticator or Google Authenticator generate codes directly on your device, unaffected by SIM hijacking. Microsoft Authenticator also supports secure passwordless logins.
  • Stay alert to phishing. Treat rushed or unusual requests for personal details with suspicion.
  • Monitor your accounts. Review bank statements, email logins, and cloud activity regularly.

What to do if you suspect hijacking

If your number is hijacked, speed matters:

  • Contact your provider immediately to block the fraudulent SIM and recover your number.
  • Secure your accounts by changing passwords and moving away from SMS-based two-factor authentication.
  • Notify your bank and credit providers so they can monitor for fraud.
  • Check connected services such as email and cloud accounts for unrecognised devices and revoke access.

You are not powerless

Your mobile number may feel disposable, but it is one of the most valuable keys to your identity. If a criminal hijacks it, they don’t just take your calls, they can take over your online life. By switching to authenticator apps, adding extra security with your provider, and staying alert to phishing, you can make hijacking far harder to pull off.

Most people never realise how much depends on that small piece of plastic until it’s too late. Think of your number like your wallet, passport, or house keys. Protect it with the same care, because losing it could unlock far more than you expect.