In a SIM swap, an attacker convinces a mobile carrier to transfer a victim's phone number to a SIM card the attacker controls. Once they own the number, every SMS OTP and 2FA code sent to that number goes to them, not the victim — rendering SMS-based security useless.
Think of it this way
Imagine someone walks into a post office, claims to be you, and asks all your mail to be redirected to their address. From that moment, everything sent to you goes to them — including your bank statements, password resets, and verification codes. SIM swap is that, but for your phone number.
The attacker first gathers personal information about the victim — name, date of birth, address, last 4 digits of their ID — often from social media or earlier data breaches. They call the mobile carrier, impersonate the victim, claim their phone was lost or damaged, and request a SIM replacement. Many carrier staff do not verify thoroughly. Once the swap completes, the victim's phone loses signal and the attacker receives all their calls and SMSes.
Scenario 1
In Nigeria, a fraudster uses a victim's NIN and date of birth (found on social media) to convince a network provider to port the victim's number. They then reset the victim's fintech app password using the SMS OTP, log in, and transfer all funds within minutes.
Scenario 2
An attacker targets a crypto exchange user, swaps their SIM, resets the account password via SMS, bypasses 2FA, and withdraws all cryptocurrency to an external wallet in under 10 minutes.
Anomira detects SIM swap patterns by identifying when a trusted user account suddenly authenticates from a completely new device or location, especially when combined with a recent OTP flood, and when the login is followed immediately by high-risk actions like password change or fund transfer.
See this attack in your live API traffic
Anomira detects sim swap fraud automatically — no configuration needed.