This piece walks through why losing control of your phone number can open the door to account takeovers, when changing the number helps, and the concrete steps to lock down wireless accounts, email, banks and identity so criminals stop coming back.
Getting your phone number stolen is terrifying, and getting hit again after you thought you fixed things is worse. “All my accounts have been hacked,” Lela said. Her story shows how a single compromised number can ripple through banking, email and shopping accounts and keep attackers looping back in.
Criminals use two main tricks: SIM swap and port-out. In a SIM swap scam an attacker convinces a carrier to move your number to a SIM or eSIM they control, and in port-out schemes they switch the number to a different carrier. Either way, your device loses service while the attacker starts getting your calls and texts, including security codes.
That access lets them request password resets, grab two-factor codes and walk into email or financial accounts. If you change your number immediately without fixing the other weaknesses, you may lose recovery paths or leave windows for attackers to keep resetting access. A new number can help, but it is not a cure-all.
Start with the wireless account itself. Call your carrier using the official number on a bill or the carrier website and ask them to investigate SIM swap attempts, port-out requests and any odd device activity. Do not call numbers that appear in suspicious texts or emails.
Ask the carrier to add protections like a strong account PIN, a port-out freeze or number transfer lock, SIM lock and the strictest verification available. Remove any unknown authorized users and insist on extra steps for future changes; this makes it much harder for criminals to move your number again.
Your email often controls everything else. If attackers have your inbox, they can keep undoing recovery changes. From a trusted device, change the email password, sign out all sessions, review recovery addresses and phone numbers, and delete any unfamiliar forwarding rules.
Replace text-based two-factor codes with stronger methods where possible. Use an authenticator app, security keys or passkeys for critical accounts like email, banks, Apple ID and Google accounts. These options stay secure even if someone briefly controls your phone number.
Before changing passwords, make sure your devices are clean. Update operating systems, remove unknown apps and run solid antivirus on any computer or phone you use for recovery. If your machine is infected, new passwords handed to it will get stolen right back.
If you spot fraudulent charges or cards being used before they arrive, treat it as possible identity theft. Call banks and credit card companies and ask for their fraud department. Cancel compromised cards, request new numbers, add verbal passwords where available, enable transaction alerts and ask about temporary limits on transfers or payment apps.
To stop new accounts from being opened in your name, place a credit freeze with the major bureaus and consider a fraud alert. File an identity theft report at IdentityTheft.gov to create an official recovery record that helps when dealing with banks and credit bureaus. Also consider using a data removal service to reduce exposed personal details on people-search and data broker sites.
Watch for warning signs that attacks are continuing: sudden SOS mode or loss of service, random security codes, alerts about new SIMs or PIN changes, small test charges, new payees or unfamiliar forwarding rules. If the red flags keep appearing after you lock things down, then changing the number may be worth it—but only after you update critical accounts and remove the old number from recovery settings.
Change the recovery phone number only after you secure email and financial logins, swap text 2FA for authenticators or keys, and confirm the carrier has locked the account. That order cuts the attack paths one by one so a new number actually helps instead of leaving you more exposed. Sign up for my FREE CyberGuy Report for extra tips and recommended tools to protect devices and accounts.
