What to Do If Your Stolen Phone Number Is Being Used by Attackers (SMS 2FA Hijack)

⚠️ Important

Losing control of your phone number is more dangerous than most people realize. If attackers hijack your number, commonly through SIM swapping or port-out scams, they can intercept your SMS-based 2FA codes, reset your passwords, and take over your accounts. Let’s learn how to respond to this:

🚨 Immediate Actions

  • Reclaim Your Phone Number
    Call your mobile carrier’s fraud department (regular support can direct you there) and report both the stolen phone and the SIM swap. Ask them to freeze your account, issue a new SIM tied to your number, and enable port-out protection. While you’re at it, update your account password and PIN, and remove any old or compromised recovery options.
  • Reset Passwords Across All Accounts
    On a trusted device (not the stolen one), change passwords for your email, banking, cloud storage, Amazon, and anywhere else your number might be linked. Use a password manager to generate strong, unique passwords so you never reuse the same one twice.
  • Remove SMS as a 2FA Method
    Replace SMS-based 2FA with a more secure method like:
      • Authenticator apps (Google Authenticator, Authy)
      • Hardware keys (YubiKey)
      • Biometrics (where supported)
    SMS is better than no 2FA, but it is highly vulnerable to hijacking. Avoid using it as your primary 2FA method in the future.

  • Notify Contacts and Secure Communication
    If attackers used your number to impersonate you, let your contacts know, especially those who may be targeted with phishing messages. You may also want to consider switching to a more secure messaging app like Signal, which can be tied to a username or PIN instead of a phone number.

🔍 Audit and Recover

  • Secure Your Email First
    Your email is the key to everything. Check for unfamiliar logins or connected apps. If something looks suspicious, remove it. Delete the stolen phone number from recovery options and add one you trust.
  • Lock Down Financial Accounts
    Call your bank and credit card companies. Let them know what happened. If needed, freeze accounts and set up transaction alerts. If you’re in the U.S. or Canada, freeze your credit reports to stop identity theft in its tracks.
  • Wipe the Stolen Phone Remotely
    If the phone is still online, use Find My iPhone or Google Find My Device to lock it, leave a message, and wipe it remotely. Even if it doesn’t happen immediately, the command may activate if the phone connects to the internet.

🧹 Clean Slate

  • Factory Reset Your New Phone
    Start fresh. Just in case spyware was installed remotely, do a full factory reset on your new phone. Don’t restore from a potentially compromised backup. Only reinstall apps you trust, and scan the phone with a mobile antivirus like Malwarebytes or Bitdefender.
  • Recover Lost Cloud Data
    If your Google Drive, iCloud, or Dropbox was wiped, check the trash, version history, or any built-in recovery options. Also, review third-party app access and revoke anything you didn’t authorize.
  • Consider a Digital Identity Reset
    If the attackers still have a foothold in your accounts, it may be time to start fresh. Create a new primary email, update your logins everywhere, and avoid reusing old phone numbers or email addresses for recovery.


🛡️ Ongoing Protection

Use app-based authentication across all services going forward. Never rely on SMS to protect your accounts. Turn on security alerts for logins, password changes, and any transactions.

 

📝 Legal and Cyber Support

Report the Crime

Even if local police seem uninterested, file a report. It helps for insurance, mobile carrier disputes, and documenting what happened. 

  • In the U.S., report to the FTC and the FBI’s Internet Crime Complaint Center (IC3.gov).
  • If you’re in Canada, report the incident to the CRTC, CCTS, and the Canadian Anti-Fraud Centre. 

 

💬 Need Help?

You can also reach out to 911Cyber for support.
We assist victims of cybercrime, including cases like this. All messages are handled confidentially, and we can guide you through reporting, data recovery, and protecting your digital identity.

You’re not alone in this. With the right steps, you can recover and come out of it more secure than ever before.
