SIM-Swap Account Takeover

How to Find a SIM-Swap Scammer

A SIM swap is one of the fastest, most devastating attacks there is. One minute your phone has signal; the next it reads “No Service,” and somewhere a stranger holding your number is resetting passwords and draining accounts. The first hour decides how bad it gets. This guide walks through exactly what a SIM swap is, the warning signs that you are mid-attack, the emergency steps that stop the bleeding, every agency and company you need to report to, and the part almost no one explains: how the insider, the cash-out mule, and the real person behind the takeover can be traced lawfully so your reports and any civil case actually have teeth.


The Short Version

If your phone just lost service and you cannot get texts or calls, treat it as a SIM swap and move fast and in this order: call your carrier from another phone and tell them to deactivate the fraudulent SIM and restore your number; then race the attacker to your most important accounts (email first, then banking and crypto) to change passwords and kick out active sessions; freeze your credit and flag your bank. Once you are stable, report to the FTC at IdentityTheft.gov and reportfraud.ftc.gov, to the FBI Internet Crime Complaint Center, and back to your carrier in writing. Then comes the question those reports cannot answer alone: who did this. SIM swaps almost always involve a real person with a real footprint, sometimes a complicit carrier-store employee, and the bank or exchange account the money landed in belongs to someone. People Locator Skip Tracing works that human trail lawfully. Recovery is never guaranteed, and never pay an upfront fee to anyone who promises to get your money or accounts back. That is the second scam.


What a SIM Swap Actually Is

Understanding the attack is the first step to fighting back.

A SIM swap, sometimes called SIM hijacking or a port-out scam, is a takeover of your phone number rather than your phone. Every mobile number lives on a carrier account, and the carrier can move that number to a new SIM card or a new eSIM profile whenever a “customer” asks and passes verification. In a SIM swap, the attacker convinces your carrier that they are you, and the carrier obligingly moves your number onto a SIM in the attacker’s possession. The instant that happens, your handset goes dark and theirs starts ringing. Your calls, your texts, and crucially your text-message security codes now arrive on the attacker’s device.

That last point is the whole game. So much of modern life uses your phone number as the master key: it is the “forgot password” fallback for your email, the one-time code your bank texts you, the recovery method on your crypto exchange. Control the number and an attacker can chain a cascade of password resets through email into banking and digital wallets within minutes. They get to your number one of two ways. The first is information: they impersonate you to the carrier using personal details harvested from data breaches, phishing, or your own public footprint, then talk a call-center agent into the swap. The second is uglier and increasingly common: an insider, a complicit or bribed carrier-store or call-center employee, processes the swap directly, skipping verification entirely. Either way, real human beings are involved at multiple points, and that is exactly what makes attribution possible.

Warning Signs You Are Being Swapped

The pattern moves fast. If several of these hit at once, treat it as an attack.

Sudden “No Service”

Your phone drops to “No Service,” “SOS,” or “Emergency Calls Only” with no outage, while others on your network are fine. This is usually the first sign.

Texts and Calls Stop

You stop receiving calls and texts entirely, including the two-factor codes your bank and email normally send.

A Swap You Did Not Make

Your carrier emails or messages another contact to confirm a SIM change, number transfer, or new device you never requested.

Password-Reset Storm

A flurry of “your password was changed” or “new login” alerts hits your email for accounts you did not touch.

Locked Out of Accounts

Your own email, bank, or exchange login suddenly fails, and the recovery codes go to a number that is no longer yours.

Unexpected Money Moves

You spot withdrawals, transfers, or new payees you never set up, often the first real-world damage of a swap.
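The "several at once" rule above can be written as a small correlation check. This is an added example, not part of the original page; the alert type names, the 30-minute window and the three-sign threshold are assumptions, and the events are constructed.

```python
from datetime import datetime, timedelta

# Constructed alerts for one person: (ISO timestamp, source, alert type).
EVENTS = [
    ("2024-05-01T14:02:10+00:00", "carrier", "sim_change_notice"),
    ("2024-05-01T14:03:45+00:00", "email", "password_changed"),
    ("2024-05-01T14:05:02+00:00", "bank", "new_device_login"),
    ("2024-05-01T14:09:30+00:00", "exchange", "withdrawal_created"),
    ("2024-05-03T09:00:00+00:00", "email", "new_device_login"),
]

# Hypothetical alert types mapped to the warning signs in this section.
SIGNS = {
    "service_lost": "no_service",
    "sim_change_notice": "unrequested_swap",
    "password_changed": "reset_storm",
    "new_device_login": "reset_storm",
    "login_failed_locked": "locked_out",
    "withdrawal_created": "money_moved",
    "payee_added": "money_moved",
}

def assess(events, window=timedelta(minutes=30), threshold=3):
    """Find the window holding the most distinct signs and grade it."""
    seen = sorted((datetime.fromisoformat(ts), SIGNS[kind])
                  for ts, _source, kind in events if kind in SIGNS)
    signs, start = set(), None
    for i, (t0, _) in enumerate(seen):
        hit = {sign for t, sign in seen[i:] if t - t0 <= window}
        if len(hit) > len(signs):
            signs, start = hit, t0
    # A carrier-side sign is what separates a swap from ordinary phishing.
    carrier = bool(signs & {"no_service", "unrequested_swap"})
    if carrier and len(signs) >= threshold:
        verdict = "likely_sim_swap"
    elif carrier or len(signs) >= 2:
        verdict = "investigate"
    else:
        verdict = "normal"
    return verdict, sorted(signs), start
```

A lone "No Service" grades as "investigate" rather than an attack, which matches the dead-zone case: it only escalates once account or money alerts land in the same window.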

The First Hour: Emergency Steps

Speed is everything. You are racing the attacker through your own accounts.

From the moment your number moves, the attacker is sprinting through password resets, so you have to move faster. Do not wait to “see if it comes back.” Borrow a phone, get to a laptop, and work the order below. As soon as you are stable, file with the FTC fraud reporting site and follow the recovery checklist at the FTC’s identity-theft service, because a SIM swap is identity theft and the agency walks you through reclaiming each account.

1. Call Your Carrier Now

From another phone, reach your carrier’s fraud line. Tell them your number was SIM-swapped without authorization, demand the fraudulent SIM be deactivated and your number restored, and add a port-freeze and account PIN.

2. Reclaim Email First

Email is the skeleton key to everything else. Change its password, sign out of all active sessions, and switch recovery off your phone number to an authenticator app or backup codes.

3. Lock Down Bank and Crypto

Call your bank and any exchange, report the takeover, freeze transfers, and reset credentials. Replace any text-based two-factor with an authenticator app so the number no longer unlocks the account.

4. Freeze Credit, Then Report

Place a credit freeze with the major bureaus, report at IdentityTheft.gov and reportfraud.ftc.gov, and file with the FBI IC3. Save every confirmation, alert, and timestamp as evidence.

What to Gather While It Is Fresh

The evidence that survives is the evidence you capture in the first day. Pull it together now.

A SIM swap leaves a sharp trail if you preserve it before it ages out. On the carrier side, note the exact time your service died, request a written record of the swap from your carrier including the date, time, the store or channel where it was processed, and the new device or SIM identifier (the IMEI or ICCID) the number was moved to, since that detail can point straight at an insider or a physical location. On the account side, screenshot every “password changed,” “new login,” and “new device” alert with its timestamp, and capture the IP addresses and device names those alerts list. On the money side, document every unauthorized transfer, the receiving bank account or card, any crypto wallet address funds moved to, and the transaction IDs. Also save anything that arrived right before the attack, such as a phishing text or call spoofing your carrier, because the social-engineering setup is often where the human identifiers first appear. Keep one dated folder, because you will reuse it for the carrier, the FTC, the FBI, your bank, and any attorney. The more precisely the swap, the logins, and the transfers are documented, the more a lawful investigation has to work with.
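One way to keep that dated folder usable as evidence, shown as an added example that is not part of the original page: index each item on a single UTC timeline measured from the moment service died, and record a SHA-256 of each file so later edits are detectable. The categories, field names and sample items are constructed assumptions.

```python
import hashlib
from datetime import datetime, timezone

# Constructed items: (category, description, timestamp as shown, file bytes).
SERVICE_LOST = "2024-05-01T10:01:10-04:00"
ITEMS = [
    ("money", "exchange withdrawal confirmation",
     "2024-05-01T14:09:10+00:00", b"withdrawal email"),
    ("carrier", "written swap record",
     "2024-05-01T10:02:10-04:00", b"carrier letter"),
    ("account", "email password-changed alert",
     "2024-05-01T07:03:40-07:00", b"alert screenshot"),
    ("setup", "text spoofing the carrier",
     "2024-05-01T09:40:10-04:00", b"sms screenshot"),
]

def to_utc(ts):
    # Alerts arrive in each service's own time zone; normalise before sorting.
    return datetime.fromisoformat(ts).astimezone(timezone.utc)

def build_index(items, service_lost_at):
    """Return evidence rows in time order, offset from the loss of service."""
    t0 = to_utc(service_lost_at)
    rows = []
    for category, description, ts, blob in items:
        when = to_utc(ts)
        rows.append({
            "utc": when.isoformat(),
            "minutes_after_loss": round((when - t0).total_seconds() / 60, 1),
            "category": category,
            "description": description,
            "sha256": hashlib.sha256(blob).hexdigest(),
        })
    rows.sort(key=lambda r: datetime.fromisoformat(r["utc"]))
    return rows

def altered(index, items):
    """List descriptions whose current bytes no longer match the index."""
    recorded = {r["description"]: r["sha256"] for r in index}
    return [d for _c, d, _t, blob in items
            if recorded.get(d) != hashlib.sha256(blob).hexdigest()]

if __name__ == "__main__":
    for row in build_index(ITEMS, SERVICE_LOST):
        print(row["utc"], row["minutes_after_loss"], row["category"],
              row["description"], row["sha256"][:12])
```

Items captured before the attack, such as the spoofed text, show a negative offset, which keeps the social-engineering setup visibly ahead of the swap on the timeline.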

Where to Report Every Channel

File with all of these. Each one does something the others cannot.

Where | What It Does | How to Reach
Your Carrier | Reverses the fraudulent swap, locks the account, and holds the internal records showing who processed it and from where. | Fraud department, follow up in writing
FTC IdentityTheft.gov | Generates a personal recovery plan and an official identity-theft report you can use to dispute fraudulent activity. | consumer.ftc.gov
FTC Report Fraud | Logs the scam for federal enforcement and pattern analysis across many victims. | reportfraud.ftc.gov
FBI IC3 | The central federal intake for internet crime and account-takeover fraud; feeds investigations and seizures. | ic3.gov
FCC | Takes complaints about carrier port-out and SIM-swap handling and pushes providers to tighten protections. | FCC consumer complaint center
Bank and Exchange | Freeze transfers, reverse what they can, and preserve records under law-enforcement request. | Fraud and compliance teams
Local Police | Creates an official report many banks and insurers require, and routes a local insider angle to investigators. | Non-emergency line, get a case number

Do not skip a channel because you assume nothing will come of it. Account-takeover cases are built from detailed complaints that let investigators connect one carrier breach, mule account, or insider to many victims. Filing with the FCC matters too, because regulators use those complaints to hold carriers accountable for weak port-out controls. Your report may be the one that links your swap to a pattern law enforcement is already tracking.

What Happens After You File

Set realistic expectations so you keep moving instead of waiting.

Filing federal complaints does not trigger a call the next morning. The FBI Internet Crime Complaint Center takes in enormous volumes of reports and generally does not respond to each one individually; your complaint becomes data that analysts aggregate to connect carriers, mule accounts, and suspects, and it forms part of the record if a case or seizure later develops. Your carrier’s internal investigation may confirm where and how the swap was processed, which is useful both for clearing the fraud off your account and for any later attribution. Save every complaint number and confirmation. In the meantime, treat your case as active rather than closed: keep your evidence folder current, watch for official notices, and be sharply skeptical of anyone who contacts you first claiming to be from your carrier, a bank, or an agency, or claiming they can recover your money or accounts for a fee. The strongest cases are the ones where the victim kept building the file and pursued the parallel tracks below instead of going quiet.

How the People Behind a Swap Get Traced

Two trails run side by side. Most victims only know about one.

The technical trail. This is the lane your carrier, the banks, the exchanges, and law enforcement work, and it is powerful precisely because a SIM swap is so logged. The carrier knows the exact channel and timestamp of the swap and the device the number moved to; banks and exchanges hold the IP addresses, device fingerprints, and login records of the takeover; and where crypto was cashed out, the blockchain preserves a permanent path of the funds. With subpoenas and internal records, investigators can tie a swap to a store, an employee badge, an IP, or a deposit address at a regulated exchange. Our role on this side is supportive: documenting and organizing the swap record, the login alerts, and the transaction trail so your report is one investigators can actually act on. Our overview of how to investigate fraud walks through how that documentation comes together.

The human trail. This is the lane almost no one works, and it is where People Locator Skip Tracing fits. A SIM swap is not a faceless event; it runs on real people. There is the insider, the carrier-store or call-center worker who processed the swap, often traceable to a specific location and shift. There is the mule, the person whose bank account or card received the stolen funds, and the U.S.-based individual who opened the exchange account used to cash out. There is the social-engineering contact: the phone number, email, or handle used to phish you or impersonate the carrier. Those identifiers can be researched lawfully through public records and skip tracing to surface a real name, address, and associates, the same way our guides on identifying a scammer by phone number and tracing the people behind a fraud through an email address approach it. A named, located individual changes everything: it strengthens your IC3 and carrier reports, gives a prosecutor or an attorney something concrete, and opens the door to a civil claim that technical logs alone cannot support.

What Recovery Realistically Looks Like

Honest odds, and the legitimate paths that exist.

It would be dishonest to promise a full recovery, and anyone who does is lying. The truth sits between hopeless and easy, and it depends heavily on how fast you moved and how much you documented. The most reachable path is reversal and reimbursement through the institutions: banks can sometimes claw back unauthorized transfers caught quickly, and there are documented cases where carriers have been held responsible for negligent SIM-swap handling. Whether you recover often turns on proving the swap was unauthorized, which is exactly why the carrier record and your timestamped alerts matter so much.

A second path is a civil claim against an identified perpetrator, mule, insider, or facilitator, which depends entirely on being able to name and locate a real person and any assets in their name. That is where lawful skip tracing and a thorough search for hidden assets do the heavy lifting, turning an anonymous attack into a defendant with a footprint. A third avenue is criminal prosecution, where your detailed report and any named suspect feed an investigation that may later produce restitution. None of these is guaranteed, all of them improve with speed and documentation, and several can run at the same time.

Don’t Get Hit Twice

The recovery scam targets people who already lost money or accounts. Watch for these.

An Upfront Fee

Any “recovery” service that demands payment before it returns a cent or restores an account is a scam. Legitimate help is not pay-to-unlock.

A Guarantee

“We will get everything back” is impossible to promise. Real outcomes depend on institutions, investigations, and the law.

They Found You

Unsolicited contact from a “recovery agent” or fake carrier rep, especially one who already knows you were swapped, is a major red flag.

Passwords or Remote Access

No legitimate firm needs your account passwords, seed phrase, two-factor codes, or remote control of your device. Ever.

Fake Government Ties

Claims of being “approved by” or “working with” a federal agency to recover funds for a fee are not how agencies operate.

Pay in Crypto or Gift Cards

Being asked to send cryptocurrency or gift cards to “release” or “unlock” your recovered funds is a fresh scam stacked on the first.

How People Locator Skip Tracing Helps

We trace the people behind the swap, lawfully, so your case has teeth.

Swap Victims: Identify the person behind the takeover
Attorneys: Locate an identified mule or insider
Crypto Holders: Trace a drained-wallet cash-out account
Investigators: Add public-records depth to a case
Fraud Teams: Tie an account to a real holder
Anyone Owed: Find a person before pursuing them

SIM-swap attackers run on the same rails as other account-takeover fraud, so the people behind them surface through the same lawful research that powers our work on finding someone who scammed you and full-spectrum skip tracing. Send us what you have, even if it feels like nothing: a phone number, an email, a username, the store where the swap was processed, the account a transfer landed in, or a name the attacker used with your carrier. We work strictly for lawful, permissible purposes, we never confront anyone on your behalf, and we tell you honestly what the records can and cannot show. For a legitimate matter, an initial locate typically comes back within 24 hours.

Our Commitment

We do not sell false hope or “guaranteed recovery.” We do the lawful research most services skip: tracing the real people behind a SIM swap, the insider, the mule, and the cash-out account, so your reports and any civil action carry weight. Honest, permissible-purpose skip tracing since 2004.

People Locator Skip Tracing Investigation Team – investigators conducting skip tracing and public-records research since 2004, working lawful, investigative-grade sources for legitimate purposes only. Last reviewed 2026. This page is general information, not legal, financial, or tax advice.

Frequently Asked Questions

How do I know it is a SIM swap and not just a dead zone?

A SIM swap shows “No Service,” “SOS,” or “Emergency Calls Only” when there is no outage and others on your network have signal, and it usually arrives with a storm of password-reset and new-login alerts on your email and bank. A normal dead zone fixes itself when you move; a swap does not, and a quick call to your carrier from another phone confirms whether your number was moved to a new SIM.

What is the very first thing I should do?

Call your carrier from another phone, tell them your number was SIM-swapped without authorization, and demand the fraudulent SIM be deactivated and your number restored, plus a port-freeze and PIN. Then immediately reclaim your email, because it is the recovery key to almost everything else, before moving to banking and crypto.

Who should I report a SIM swap to?

Report to your carrier in writing, to the FTC at IdentityTheft.gov and reportfraud.ftc.gov, to the FBI Internet Crime Complaint Center at ic3.gov, and to the FCC for carrier port-out handling. Notify your bank and any exchange, and file a local police report for the case number banks often require. Each channel does something the others cannot.

Can the person who did the SIM swap actually be identified?

Often, yes. A SIM swap runs on real people: the insider who processed it, the mule whose account received the funds, the person who opened the cash-out exchange account, and the number or email used to social-engineer you. Those identifiers can be researched lawfully through public records and skip tracing to surface a real name and location, even when the attacker tried to stay anonymous.

Was an insider at my carrier involved?

Sometimes. A meaningful share of SIM swaps are processed by a complicit or bribed carrier-store or call-center employee who skips verification. The written swap record your carrier holds, including the channel, timestamp, and device the number moved to, is what can point to an insider and a specific location, which is why requesting that record early matters.

Can I get my money or accounts back?

Sometimes, but never by guarantee. Banks can occasionally claw back transfers caught quickly, carriers have been held responsible for negligent swaps, and a civil claim or prosecution can produce restitution when a real person is identified and located. Recovery improves dramatically with speed, detailed documentation, and the ability to name who did it.

A company offered to recover my accounts for a fee. Is that legitimate?

Treat it as a second scam. Recovery operations that demand an upfront fee, guarantee results, contact you out of the blue, ask for your passwords or two-factor codes, or want payment in crypto or gift cards are preying on victims. Legitimate help does not require pay-to-unlock, and no real firm needs your credentials.

What does People Locator Skip Tracing actually do on a case like this?

We work the human trail, not your carrier’s internal systems. Using lawful public-records research and skip tracing, we help identify and locate the real people behind a swap, the insider, the mule, and the cash-out account holder, producing a named, located individual that strengthens your reports and any civil claim. We do not take custody of funds, confront anyone, or promise recovery.

Hit by a SIM Swap? Start Tracing.

We trace the real people behind the swap, the insider, the mule, and the cash-out account, lawfully, so your reports and any civil case carry weight. Contact us to get started.
