Imagine this: you’re sitting at home, perhaps enjoying a cuppa, when suddenly your mobile phone loses signal. At first, you might think it’s just a network hiccup. But within minutes, you realise you can’t make calls, send texts, or access your emails.
Then, a notification pops up on your partner’s phone: thousands of dollars have vanished from your joint bank account. You try to call your bank, but your phone is dead to the world.
You’ve just become the latest victim of a SIM swap or phone porting scam—a crime that’s leaving Australians not just out of pocket, but deeply traumatised.
SIM swap and phone porting scams aren’t new, but they’re evolving—and the consequences are more severe than ever.
These scams exploit legitimate processes that telecommunication companies use to help customers move their phone numbers to new SIM cards or carriers.
Typically, these services are lifelines if you lose your phone or switch providers. But in the wrong hands, they can become weapons.
Here’s how it works: a scammer gathers enough of your personal information, often through phishing emails, data breaches, or even social media.
They then contact your telecommunication company, pretending to be you, and request that your number be transferred to a new SIM or ported to another provider.
Once successful, your phone goes dark, and the scammer now receives all your calls and texts, including those crucial two-factor authentication codes used to access your bank, email, and other sensitive accounts.
‘It comes out of the blue,’ Kathy Sundstrom, the national manager for outreach and engagement at IDCare, a cyber support service that assists scam victims, said.
‘The first thing you want to do when something has gone wrong is phone someone, but you can’t. It’s incredibly disempowering when you’re not able to have any kind of phone contact.’
The result? A criminal can drain your bank accounts, open new credit lines, and lock you out of your digital life in minutes.
David Hofierka, a senior policy officer at the Consumer Action Law Centre, another organisation that assists victims of SIM swap and phone porting fraud, added: ‘The perpetrator changes [the victim’s] email, takes out loans in their name, and steals money from their accounts. The customer is helpless and can get really traumatised.’
A growing threat—and a devastating impact
Despite efforts by the Australian Communications and Media Authority (ACMA) and the federal police to crack down on these scams, the problem is getting worse.
Support groups like IDCare and the Consumer Action Law Centre are seeing a surge in victims, many of whom are left feeling helpless and violated.
When your phone goes to ‘SOS Only’ and you can’t call for help, it’s not just inconvenient—it’s terrifying.
For many, their mobile is the only way to contact family, friends, or emergency services. ACMA research shows that 63 per cent of Australians rely solely on their mobile at home, with only 34 per cent still keeping a landline as backup.
The trauma doesn’t end when the scam is over. One Sydney resident shared how his wife’s number was ported without her knowledge, leading to $3000 stolen from their account and a web of fraudulent loans and tax claims in her name.
‘It’s like a physical attack, it’s brutal,’ he said. ‘Not only did we have that unauthorised $3000 transfer, we found out that simultaneously the scammers had opened credit accounts [and that] my wife’s Service NSW, ATO [Australian Tax Office] and Google accounts had been taken over.’
In response to the growing threat, ACMA has introduced rules requiring telcos to use multi-factor authentication for SIM swaps and porting requests.
You might be asked to verify your identity through an app, in-store ID check, or enter a code sent to your device.
While these measures have helped, they’re not foolproof. Last year, Telstra was fined over $1.5 million for failing to properly authenticate customer identities during 168,000 high-risk interactions, including SIM swaps.
Even with the implementation of the new regulations, IDCare has reported that the average monthly contacts to the organisation regarding unauthorised SIM swaps or phone ports increased from 34 in 2023 to 89 in the year leading up to March this year, representing a rise of over 160 per cent.
Regulators are pressuring telecommunication companies to improve their security processes, and police are actively pursuing offenders. In March, a Melbourne man was charged with allegedly attempting to port 86 different mobile numbers—a sign that authorities are taking the threat seriously.
However, the risk remains high as data breaches expose Australians’ personal information. Advocacy groups are calling for even stronger protections and more support for victims, who often face a long and stressful road to recovery.
What can you do to protect yourself?
While telcos and regulators work to strengthen their defences, there are steps you can take to reduce your risk:
1. Guard your personal information.
Be wary of unsolicited emails, texts, or calls asking for personal or financial details. Never click on suspicious links or provide information unless you know the sender’s identity.
2. Watch for warning signs.
If you receive messages or emails about SIM swaps, porting requests, or attempts to leave your telco that you didn’t initiate, contact your provider immediately using a trusted phone number or website.
3. Be cautious with authentication codes.
Never share authentication codes with anyone over the phone, even if they claim to be from your telco or bank.
4. Act fast if you lose service.
If your phone suddenly displays ‘SOS Only’ or loses service for no apparent reason, check your online accounts for suspicious activity. Contact your bank and telecommunication company immediately, and report the incident to IDCare for expert support.
5. Consider a landline or backup.
If you rely solely on your mobile, consider keeping a basic landline or alternative way to contact loved ones and emergency services.
6. Regularly review your accounts.
Monitor your bank, email, and telco accounts for unusual activity. Set up alerts where possible, and use unique passwords for each service.
Have you experienced a SIM swap or phone porting scam? Do you have tips for staying safe or questions about protecting your digital identity? Share your story in the comments below—your experience could help others avoid becoming the next victim.
Also read: Is this innocent-looking WhatsApp text about to cost you thousands? Parents warned of costly scam!
What about having a password on your phone, wouldn’t that lock your phone from having data removed?
SS49
Won’t make any difference. They are stealing your mobile number not the data on your phone.
When your article says ‘contact IDcare’ or similar, please give contact details
Thank you for the feedback, Wantok. We’re apologise for the oversight and have updated the article to include the website of IDcare, where you will find all their contact details.
Thanks Melissa
Is it the same if your sim isn’t a physical card but an ESim?
I don’t know if the current steps are enough but if there’s a rise of 160% of illegal porting it’s seems that Telcos are more reactive instead of being more proactive. Maybe much higher penalties are required. $1.5 million for failing to properly authenticate customer identities during 168,000 high-risk interactions, including SIM swaps. That’s a slap of $8.93 per high-risk interaction. Not properly authenticating customers identities is a serious breach. I’d even go as far as making Telcos totally responsible for all losses and to reimburse all moneys lost to customers as well as huge fines.