SIM Swap Attack Prevention: Why Celebrities Are the Number 1 Target

Posted: March 25, 2026 to Cybersecurity.

SIM swap attacks occur when an attacker convinces a mobile carrier to transfer a victim's phone number to a SIM card under the attacker's control, enabling interception of calls, text messages, and SMS-based two-factor authentication codes. Celebrities and high-profile individuals are the primary targets because their compromised accounts yield the highest financial returns and because their personal information is readily available through data brokers, public records, and social media, making the social engineering component easier to execute.

The FBI's Internet Crime Complaint Center reported 2,026 SIM swap complaints in 2025 with adjusted losses exceeding $72 million, a 74% increase from the prior year. Industry researchers estimate that reported cases represent fewer than 20% of actual incidents because many victims are unaware they have been targeted until significant damage has already occurred. A single SIM swap can compromise email, banking, cryptocurrency, social media, and cloud storage accounts within minutes.

Key Takeaways

  • FBI reported $72 million in SIM swap losses in 2025, a 74% year-over-year increase
  • Celebrities are targeted because their accounts have high monetary value and their personal data is widely available
  • SMS-based 2FA is the specific vulnerability that SIM swap attacks exploit
  • Hardware security keys (FIDO2) and authenticator apps are immune to SIM swap interception
  • Petronella Technology Group's account takeover protection includes SIM swap prevention as a core component

How SIM Swap Attacks Work

Step 1: Target Research

The attacker gathers the victim's personal information: full name, date of birth, home address, last four digits of their Social Security number, and mobile carrier account details. For celebrities and public figures, much of this information is available through data broker sites, public records, and social media profiles. Removing personal information from the internet reduces the data available for this phase.

Step 2: Carrier Contact

The attacker contacts the victim's mobile carrier, impersonating the account holder. They claim a lost or damaged phone and request that the phone number be transferred to a new SIM card. Methods include calling customer support, visiting a retail store with a fake ID, or using an online account management portal. In some cases, attackers bribe or coerce carrier employees directly. T-Mobile, AT&T, and Verizon have all been identified in DOJ prosecutions of SIM swap rings.

Step 3: Number Transfer

Once the carrier processes the transfer, the victim's phone loses service and all incoming calls and texts route to the attacker's device. This happens within seconds. The victim's phone may display "No Service" or "Emergency Calls Only."

Step 4: Account Takeover Cascade

With control of the phone number, the attacker resets passwords on email accounts that use SMS-based recovery. With email access, they reset passwords on banking, cryptocurrency, social media, and other accounts linked to that email. The entire cascade from SIM transfer to full account compromise can occur in under 15 minutes.

Why Celebrities Are Target Number 1

High-Value Social Media Accounts

A verified celebrity social media account with millions of followers is worth tens of thousands of dollars on underground markets. Compromised accounts are used to promote cryptocurrency scams, phishing links, and fraudulent product endorsements. The July 2020 Twitter hack that compromised accounts belonging to Barack Obama, Elon Musk, and Bill Gates generated $120,000 in Bitcoin within hours from a single scam post.

Cryptocurrency Holdings

Multiple high-profile SIM swap cases have targeted cryptocurrency investors and tech celebrities. In 2018, investor Michael Terpin lost $24 million in cryptocurrency through a SIM swap attack. In 2019, a SIM swap ring was convicted of stealing over $100 million from cryptocurrency holders, with several victims being publicly known figures in the crypto industry.

Accessible Personal Data

The social engineering required for a SIM swap is significantly easier when the target is a public figure. Home addresses, family members' names, birthdates, and even carrier account details can be assembled from publicly available sources. The more information an attacker has, the more convincingly they can impersonate the account holder to carrier support staff.

Insider Recruitment

Carrier employees have been prosecuted for accepting bribes to process fraudulent SIM swaps. A former T-Mobile employee was sentenced in 2023 for processing SIM swaps in exchange for $500 per transfer. The insider threat is particularly relevant for celebrity targets because the financial incentive for the bribed employee is directly proportional to the target's perceived wealth.

Prevention Measures

Carrier-Level Protections

All three major US carriers now offer SIM protection features, but they must be explicitly activated:

| Carrier | Protection Feature | How to Enable | Effectiveness |
|---|---|---|---|
| T-Mobile | Account Takeover Protection + SIM Protection | T-Mobile app or call 611 | High (requires in-store ID verification for SIM changes) |
| AT&T | Extra Security + Port Freeze | MyAT&T app or call customer service | Moderate to High (PIN required, but social engineering of support staff still possible) |
| Verizon | Number Lock + Account PIN | My Verizon app | Moderate (Number Lock prevents port-out but not in-network SIM changes in all cases) |

Move Critical Authentication Off SMS

The most effective protection is eliminating reliance on SMS for authentication entirely. Deploy hardware security keys (YubiKey, Google Titan, Feitian) on all critical accounts. For accounts that do not support hardware keys, use authenticator apps (Authy, Google Authenticator, Microsoft Authenticator), which generate codes on the device rather than receiving them via SMS. Petronella Technology Group's cybersecurity team assists clients with this migration across all accounts.

Use a VoIP Number as Primary

Port your primary phone number to Google Voice, which is protected by your Google account security (including hardware key support) rather than carrier-level security. Use a separate physical SIM with a different number for cellular connectivity. This approach makes carrier-level SIM swaps irrelevant for authentication purposes because the number tied to your accounts is not controlled by a mobile carrier.

Reduce Data Broker Exposure

The personal information used to impersonate you to carrier support comes primarily from data brokers and public records. Systematic removal from data broker databases reduces the information available for social engineering. Petronella's VIP Security program includes data broker removal as a standard component.

Implement Account-Level Protections

  • Set a unique PIN on your carrier account that differs from other PINs
  • Remove your phone number as a recovery option on email and financial accounts
  • Enable login alerts on all critical accounts to detect unauthorized access immediately
  • Use unique email addresses for high-value accounts so the login email itself is not guessable
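
The takeover cascade described in Step 4, and the effect of removing the phone number as a recovery option, can be checked against an account inventory. The following Python audit is an added example, not part of the original article; the inventory, the account names and the assumption that any single listed path is enough to reset an account are constructed for illustration.

```python
from collections import deque

# Constructed inventory (illustrative, not from the article). Each account
# lists the paths that, on their own, are assumed to allow a password reset:
#   "sms"          code texted to the phone number
#   "email:<name>" reset link sent to another account in this inventory
#   "totp"/"fido2" authenticator app / hardware key (never travels over SMS)
INVENTORY = {
    "primary-email":    ["sms", "totp"],
    "backup-email":     ["fido2"],
    "bank":             ["sms", "email:primary-email"],
    "work-email":       ["email:primary-email", "totp"],
    "crypto-exchange":  ["email:primary-email"],
    "domain-registrar": ["email:work-email"],
    "social":           ["email:backup-email", "fido2"],
}

def sim_swap_exposure(inventory):
    """Map each account reachable from the phone number to its takeover chain."""
    chains = {}
    queue = deque()
    for name, paths in inventory.items():
        if "sms" in paths:                      # direct: SMS code resets it
            chains[name] = ["phone-number", name]
            queue.append(name)
    while queue:                                # indirect: reset mail lands in
        owned = queue.popleft()                 # an already-exposed mailbox
        for name, paths in inventory.items():
            if name not in chains and f"email:{owned}" in paths:
                chains[name] = chains[owned] + [name]
                queue.append(name)
    return chains

def without_sms(inventory):
    """Copy of the inventory with the phone number removed as a reset path."""
    return {n: [p for p in paths if p != "sms"] for n, paths in inventory.items()}

def report(inventory):
    """Human-readable chains, shortest first."""
    chains = sim_swap_exposure(inventory)
    return [" -> ".join(c) for c in sorted(chains.values(), key=len)]

if __name__ == "__main__":
    print("Exposed today:")
    print("\n".join(report(INVENTORY)) or "(none)")
    print("After removing SMS recovery:")
    print("\n".join(report(without_sms(INVENTORY))) or "(none)")
```

An account that lists "sms" next to "totp" still shows up as exposed, because under this model the weakest recovery path decides the outcome.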

What to Do During an Active SIM Swap

If your phone suddenly shows "No Service" or "Emergency Calls Only" and you have not initiated a carrier change, assume a SIM swap is in progress and act immediately:

  1. Call your carrier from another phone: Report the unauthorized SIM change and request immediate reversal. Note the case number and representative's name.
  2. Change email passwords: Use a computer (not the affected phone) to change passwords on your primary email accounts before the attacker can.
  3. Lock financial accounts: Contact your bank and investment firms to freeze accounts and flag for fraud.
  4. Secure cryptocurrency: If you hold cryptocurrency, transfer to cold storage or a different wallet immediately.
  5. Document everything: Timestamp every action for potential law enforcement investigation and legal proceedings. Digital forensics teams can assist with formal evidence preservation.
  6. File reports: Report to local law enforcement and the FBI's IC3 (ic3.gov). File a complaint with the FCC if the carrier's negligence contributed to the attack.

Regulatory Landscape

The FCC adopted new rules effective November 2024 requiring carriers to implement more robust identity verification before processing SIM changes and port-out requests. These rules mandate that carriers offer customers the option to require in-person identification for any SIM transfer. Additionally, carriers must notify account holders at their existing contact information before completing any SIM change. Enforcement actions have included $20 million fines against carriers found negligent in SIM swap prevention.

Several states, including California and Arizona, have enacted additional consumer protection laws specific to SIM swap fraud. Class-action lawsuits against T-Mobile and AT&T for failing to prevent SIM swap attacks have resulted in settlements exceeding $350 million collectively through 2025.

Frequently Asked Questions

Can a SIM swap happen without any warning signs?

The primary warning sign is sudden loss of cellular service ("No Service" or "Emergency Calls Only" on your phone). However, some attackers execute SIM swaps during hours when the victim is likely asleep or otherwise unlikely to notice the service disruption immediately. International travelers whose phones are on airplane mode are particularly vulnerable because the service disruption is masked. Setting up secondary alerting mechanisms, such as email notifications for account login attempts, provides detection even when the primary phone is unavailable.

Does eSIM technology prevent SIM swap attacks?

eSIM technology makes SIM swaps more difficult but does not eliminate them entirely. Physical SIM cards can be swapped by inserting a new card, but eSIM transfers require carrier-side activation, which still involves the same customer service processes vulnerable to social engineering. However, eSIM does eliminate the risk of a stolen physical SIM card and makes in-store swaps harder because there is no physical card to hand to a retail employee. The most important protection remains moving authentication away from SMS entirely, regardless of SIM type. Petronella's account takeover protection service includes AI-enhanced monitoring that detects SIM swap indicators before account compromise occurs.

Your Phone Number Is the Keys to Your Kingdom. Lock It Down.

Petronella Technology Group's SIM swap prevention program hardens carrier accounts, migrates authentication away from SMS, and monitors for SIM swap indicators in real time. Protect yourself before you become a statistic.

Call 919-348-4912 for a SIM swap vulnerability assessment.

Petronella Technology Group, Inc. | 5540 Centerview Dr. Suite 200, Raleigh, NC 27606


About the Author

Craig Petronella, CEO and Founder of Petronella Technology Group
CEO, Founder & AI Architect, Petronella Technology Group

Craig Petronella founded Petronella Technology Group in 2002 and has spent more than 30 years working at the intersection of cybersecurity, AI, compliance, and digital forensics. He holds the CMMC Registered Practitioner credential (RP-1372) issued by the Cyber AB, is an NC Licensed Digital Forensics Examiner (License #604180-DFE), and completed MIT Professional Education programs in AI, Blockchain, and Cybersecurity. Craig also holds CompTIA Security+, CCNA, and Hyperledger certifications.

He is an Amazon #1 Best-Selling Author of 15+ books on cybersecurity and compliance, host of the Encrypted Ambition podcast (95+ episodes on Apple Podcasts, Spotify, and Amazon), and a cybersecurity keynote speaker with 200+ engagements at conferences, law firms, and corporate boardrooms. Craig serves as Contributing Editor for Cybersecurity at NC Triangle Attorney at Law Magazine and is a guest lecturer at NCCU School of Law. He has served as a digital forensics expert witness in federal and state court cases involving cybercrime, cryptocurrency fraud, SIM-swap attacks, and data breaches.

Under his leadership, Petronella Technology Group has served 2,500+ clients, maintained a zero-breach record among compliant clients, earned a BBB A+ rating every year since 2003, and been featured as a cybersecurity authority on CBS, ABC, NBC, FOX, and WRAL. The company leverages SOC 2 Type II certified platforms and specializes in AI implementation, managed cybersecurity, CMMC/HIPAA/SOC 2 compliance, and digital forensics for businesses across the United States.
