SIM swap attacks exploit misplaced trust in phone numbers as identity anchors, allowing criminals to persuade a carrier to transfer a victim’s number to a SIM under their control and take over digital identities across email, banking, cloud services and more. Once the number is reassigned, attackers can intercept OTPs and MFA prompts and initiate password resets, enabling account takeovers at scale.
Authorities have investigated thousands of SIM swap cases with millions in reported losses, and the article notes that the real change is in the attack’s scale and reliability, driven by data breaches, social engineering and weak telecom verification. A key statistic cited is that about 35 million U.S. numbers are recycled annually, according to the Federal Communications Commission (FCC).
The piece argues that phone numbers should not serve as standalone identity factors and urges organisations to move from SMS to phishing-resistant authentication, device-bound recovery, and continuous identity threat detection and risk-based controls. It also highlights the telecom factor, calling for enhanced verification and real-time alerts at the carrier level, and stresses that identity is the new security perimeter. March 10, 2026. according to the Federal Communications Commission (FCC).