Security Tip

How to Lock Your SIM Card and Why You Should Do It Today

March 17, 2026  ·  Silent Security Research Team  ·  4 min read

Your phone number is the skeleton key to your digital life. It receives password reset codes, two-factor authentication texts, and bank verification calls. And right now, a criminal can steal it from you with nothing more than a phone call to your carrier. The attack is called SIM swapping, and it takes less than ten minutes. Locking your SIM takes even less.

What Is SIM Swapping?

In a SIM swap attack, a criminal contacts your phone carrier and convinces them to transfer your phone number to a new SIM card — one the attacker controls. They do this by impersonating you, often using personal details scraped from data breaches, social media, or the dark web. Once they have your number, every SMS verification code sent to "you" goes directly to them instead.

From there, the damage is fast: password resets on your email, bank accounts drained, cryptocurrency wallets emptied, social media accounts hijacked. The FBI's Internet Crime Complaint Center reported over $68 million in SIM swapping losses in a single year — and that only counts the cases people reported.

Why a SIM PIN Stops This

A SIM PIN (sometimes called a SIM lock or account PIN) adds a required passcode before any changes can be made to your account — including number transfers. Without your PIN, a carrier representative cannot port your number to a new SIM, even if the attacker knows your name, address, and last four digits of your Social Security number. It is the single most effective protection against SIM swapping, and every major carrier offers it for free.

Important: A SIM PIN is different from your phone's screen lock PIN. Your screen lock protects your physical device. A SIM PIN protects your phone number at the carrier level. You need both.

How to Lock Your SIM: Step-by-Step

AT&T

  1. Log in to your AT&T account at att.com or open the myAT&T app.
  2. Go to Profile > Sign-in info > Wireless passcode.
  3. Create a new passcode (4–8 digits). Do not use your birthday or the last four digits of your SSN.
  4. Toggle on Extra Security (this requires the passcode for all account changes, including in-store visits).
  5. Write down your passcode and store it somewhere secure — a password manager is ideal.

T-Mobile

  1. Call T-Mobile at 611 from your T-Mobile phone, or dial 1-800-937-8997.
  2. Ask the representative to add Account Takeover Protection to your account.
  3. You can also do this in the T-Mobile app: go to Account > Profile settings > Privacy & notifications > SIM protection and toggle it on.
  4. Set a Customer PIN (6–15 digits) under Profile settings > PIN/Passcode if you haven't already.
  5. Confirm the PIN is required for all port-out and SIM change requests.

Verizon

  1. Log in to your Verizon account at verizon.com or open the My Verizon app.
  2. Navigate to Account > Account security.
  3. Enable Number Lock — this prevents your number from being ported to another carrier without you first unlocking it.
  4. Set an Account PIN (4 digits) under account security settings if you haven't already. Avoid obvious combinations like 1234 or your birth year.
  5. Verify that both Number Lock and the Account PIN are active before logging out.

Other Carriers

If you use a different carrier — US Cellular, Mint Mobile, Visible, Cricket, Metro by T-Mobile, Google Fi, or any other provider — call their customer support line and ask for two things: (1) a SIM lock or port-out PIN on your account, and (2) a note requiring in-person ID verification for any SIM changes. Most carriers now offer these protections, but you typically have to ask for them.

Already a victim? If your phone suddenly loses service for no reason, act immediately. Call your carrier from another phone and tell them you suspect a SIM swap. Ask them to reverse the port and lock your account. Then change passwords on your email, banking, and any account that uses SMS-based two-factor authentication — starting with your primary email. File a report with the FBI's IC3 at ic3.gov and place a fraud alert with all three credit bureaus.

Go Further: Move Beyond SMS Verification

Locking your SIM is the critical first step, but the strongest defense is eliminating SMS-based two-factor authentication entirely where possible. Switch your most important accounts — email, banking, social media — to an authenticator app like Google Authenticator, Authy, or Microsoft Authenticator. Better yet, use a hardware security key like a YubiKey for your email and password manager. These methods cannot be intercepted by a SIM swap.

Your action item for today: Set your SIM PIN right now. It takes under five minutes. Open your carrier's app or website, follow the steps above, and store the PIN in your password manager. Then switch at least one account — your primary email — from SMS codes to an authenticator app. Those two changes will make you dramatically harder to attack.

Go deeper

Identity Theft Recovery: The Complete Guide → Best Password Managers for 2026 → How to Freeze Your Credit at All 4 Bureaus → Online Safety Guide for Families →

More from the Blog

Security Tip
Small Business Cybersecurity Guide 2026
8 min read
 Threat Alert
The 5 Financial Scams Targeting Your Teenager Right Now
6 min read
 Security Tip
How to Talk to Your Kids About Credit
7 min read

Try These Tools

🛡 Security Scorecard 🔧 Kit Builder

Get Posts Like This by Email

New posts weekly. No spam. Unsubscribe anytime.