Banks and Financial Services
E-Commerce
Insurance
Mobile Messaging
Gaming & Gambling
Communication and Service Providers
Identity & Verification Providers
eBooks
News
Case studies
Podcasts
Developers
Viteza
FAQ
About us
Events
Careers
Contact us
Articles

Why this SIM-Swap Story is a Wake-up Call

Fergal Parkinson

6 min read
An article on sim-swap fraud awareness featuring a sim card.

There are lots of stories around about various financial scams these days — you can find a new one pretty much every day. But some stand out and gain greater traction so they end up being noticed by millions.

One of these was the recent story of Charlotte Morgan, a young Londoner, who in late August went, as she often did, to work out at her local gym in Chiswick, west London.

She was in celebratory mood as she arrived, having just landed a new job. But that joy soon turned to despair as she finished her training session and went to leave: her locker door was ajar and her rucksack was gone.

She soon found out that this had happened to other gym users too. It was an organised theft.

As well as other possessions, Charlotte had lost her phone, her bank card and her door keys. Being locked out of her flat and unable to release her bike from the railings outside, it soon became clear, were the least of her worries.

Within hours the thieves had gone on spending sprees around London, spending £3,000 in one Apple store alone, and thousands more at other shops.

Once she realised she had been targeted in this way — not easy when you suddenly have no phone to communicate with, no card to pay for travel or goods with, and can’t get into your own home to access other computer equipment — Charlotte was initially partially reassured that all the thieves would be able to take was what had been in her current account.

But the reality was to prove far worse. It soon emerged that the thieves had somehow been able to bypass all the security settings on her phone and had raided not just her current account but her savings. Within just a few hours they had taken the lot. Thousands of pounds that she had worked hard to accumulate over years had been stolen.

She was understandably shocked and devastated, but also mystified.

It had never occurred to her that just by stealing her handset, thieves would be able to attack her so grievously. She had believed herself further protected by PIN numbers to activate the apps on her phone.

It wasn’t until later that she found out how they had done it.

Charlotte explained: “A bank security expert explained to me how the scam is likely to have happened. Once the thief had my debit card, they didn’t need my smartphone — just the SIM card, which can be popped out of the side and inserted into another phone.

“This bypasses thumbprint security and facial recognition. It’s the digital equivalent of an open window in a house.

“Once into my account, the thief could reset the PIN online, and then change all my banking security passwords. It’s shockingly easy. I think the thief was able to do it in the taxi from the gym to the first Apple store.”

This is almost certainly what did happen and, if asked, I would have offered much the same explanation.

Swapping SIMs between handsets is very, very easy to do — with devastating consequences.

How mobile data can protect against SIM swap attacks

We at TMT ID can spot a SIM swap, as this scam is known, because the unusual transaction patterns that inevitably follow it are a tell. When someone like Ms Morgan has been a prudent saver for a long period, we can see that previous history. We don’t expect to see them raiding their savings account at night for thousands of pounds in repeat amounts, and so that becomes an instant red flag.

Of course SIM swap can and does take place constantly for legitimate reasons. Just last week I got a new iPhone myself. I did my back-up, changed my SIM over to the new handset and it immediately replicated my old home screen and contacts. The ease with which this happens is one of the major reasons people stick with the same phone brand, Apple or an Android rival, from one contract to the next.

Our security protocols would have been able to tell the difference between what happened to Charlotte and my innocent SIM switch because of the different behaviours around them: one innocent, one nefarious.

However, we can only monitor devices in this way if asked by an authorising client company when they in turn have users’ consent. In this case Charlotte’s bank doesn’t appear to have been using such backup security from an independent company like ourselves. And that’s not unusual, as this mostly happens only at the point a customer signs up to a new service — the point of onboarding as we call it.

I’m starting to wonder if it might be time for companies like Charlotte’s bank to run such services much more frequently. After all, each check only costs a few pence, and the amount they ended up having to reimburse her by alone would have paid for hundreds of thousands of such preventative measures.

But it’s not just cost that’s preventing these checks being used more widely — there’s also the question of privacy. While customers are used to being asked to authorise checks at the point of sign-up and to having their credit history investigated, they are understandably much more hesitant about agreeing to have their data checked on a more routine, ongoing basis.

So it may be some time yet before there are systems in place permanently to stop thieves targeting the next Charlotte Morgan in the same way.

How to protect yourself from SIM swap fraud

In the meantime, perhaps the best thing you can do is protect yourself by setting a PIN on your SIM card itself. This would stop thieves being able to complete a SIM swap without knowing that PIN.

On an iPhone, go to Settings and tap “Phone”. Next, tap “SIM PIN” to access the feature and activate it. Your SIM will come with a default PIN set by your mobile carrier, which you can then replace with your own.

I hope this helps in the short term. In the longer term, it would be nice to think that the business world could do more.

If you would like to find out more about the fraud protection services offered by TMT ID, drop us a line at info@tmtid.com.

Last updated on June 23, 2026

Contents

Related Articles

Hand holding smartphone with sports betting app on the screen against a background featuring an abstract design and text about silent authentication in gambling security article.

William Hill Gambled And Lost: Why The Only Future For The Gambling Industry Is Robust Mobile-Based Security

Exploring anti-spoofing strategies for phone calls with Fergal Parkinson's insights on 'TMT ID' to counter the number spoofing scam.

Are You iSpoof-Proof? Number Spoofing Scams & How to Stop Them

These are the top five scams of 2026


Ready to get started?

We provide the most comprehensive device, network and mobile numbering data available

Contact us > Chat to an expert >