A SIM swap moves your phone number to a SIM in someone else's hands. The attacker calls your mobile carrier, pretends to be you, and asks them to activate the number on a new SIM. If the carrier agrees, your phone loses service and theirs starts receiving your calls and texts.

The reason this matters is that your phone number is the recovery method for a lot of accounts. Email, banking, exchanges, social media. Many of these will send a code by text when someone says they forgot the password. The person with your number receives that code. Within minutes they can be inside accounts that were yours that morning.

The attacker usually knows enough about you to pass the carrier's identity check. They have your name, your date of birth, your address, the last four digits of a card. Most of this is on the open web for any person of standing. The carrier asks a few questions; the attacker has the answers; the swap goes through.

The signs are simple. Your phone stops working. Texts and calls stop arriving. Sometimes you get a notice from your carrier that the number has been transferred. By the time you read it, the accounts that used your number for recovery may already be lost.

·

The defences are several and they need to be in place before anything happens. A carrier PIN that has to be quoted before any account change. A separate phone number used only for sensitive recovery, not shared anywhere. Hardware security keys rather than SMS codes wherever a service allows it. A short list of trusted devices for each account.

The desk reads what your number is presently tied to, identifies the recovery routes a SIM swap would open, and works with you on the changes that close them. Most of this work is done once and then watched.