ScamWatch

If you feel you're being scammed in United States: Contact the Federal Trade Commission (FTC) at 1-877-382-4357 or report online at reportfraud.ftc.gov

eSIM, Number‑Porting & Port‑Out Scams: How to Lock Your Mobile Number Now

Flat lay of a tax preparation workspace with calculator, envelope, and colorful numbers.

Why your phone number is a target

Attackers use SIM‑swap and port‑out schemes to take control of your phone number, intercept one‑time codes, bypass SMS 2‑factor authentication, and reset passwords on email, banking, and crypto accounts. In recent years U.S. law enforcement and security agencies have repeatedly warned consumers about these scams and recommended both carrier and personal safeguards.

At the same time, embedded SIMs (eSIMs) and remote provisioning make it easier than ever to move a number between devices — a convenience that fraudsters exploit. Security researchers and the GSMA released advisories in 2025 about vulnerabilities that can affect eUICC/eSIM implementations; while exploitation generally requires specific conditions, the disclosures underline the need to harden account and porting protections with your carrier.

What this guide covers

  • Concrete, reversible ways to “freeze” or lock your number across major carriers.
  • What to ask your carrier (exact questions and script you can use).
  • Immediate steps and reporting actions if your number is ported or swapped.

How to lock your mobile number — step‑by‑step

Most major carriers now offer free controls that block SIM changes and number transfers. Below are practical actions you should take immediately. After each carrier step we list the official support reference you can cite when you call.

Universal steps (works for any carrier)

  1. Enable a SIM/Account lock or "port freeze" — Ask your carrier to place a port freeze, SIM protection, Number Lock, or Wireless Account Lock on your line so no port or SIM change can be processed without your explicit action.
  2. Create or change a strong account PIN or passcode — Pick a 6–15 digit PIN (non‑sequential, not based on your DOB, SSN, or phone). Do not use the last 4 of your SSN or other easily guessed data.
  3. Remove SMS as primary 2FA — Move critical accounts to authenticator apps (Google Authenticator, Authy) or hardware security keys (FIDO2/WebAuthn) where possible.
  4. Turn on carrier notifications — Require immediate alerts (email and SMS) for any account changes, SIM swaps, or port requests.
  5. Log and verify — Keep a written note of the representative’s name, badge/ID number and case or ticket number for any changes you request.

Carrier examples — what to enable and where to find it

  • AT&T: Turn on Wireless Account Lock, set a Number Transfer PIN when you actually need to port, and use the myAT&T app or *PORT to generate a temporary Number Transfer PIN. If Wireless Account Lock is on, porting is blocked until you turn it off.
  • Verizon: Enable SIM Protection and Number Lock via My Verizon (app or website). Number Lock prevents the number from being ported out unless you explicitly turn it off.
  • T‑Mobile: Use SIM Protection and add Port Out Protection or enable an account PIN/biometric verification via the T‑Life app or my.T‑Mobile. Port Out Protection must be added per line.

These features are intended to be free and reversible; ask your carrier to walk you through removing the protection only if you personally initiate a legitimate port. If a carrier rep resists offering a lock, ask to escalate to fraud or security support and cite the carrier’s public support page or the FCC’s guidance on port‑freeze options.

What to ask your carrier — exact questions & a script

When you call or chat, be direct. Keep these questions handy and record the agent’s name and ticket number.

AskWhy
"Please enable a port freeze/Number Lock/SIM Protection on my line right now."Stops any port or SIM change until you remove it.
"Can you set or change my account PIN now? I will not share it with anyone."Prevents social‑engineered changes over phone/chat.
"Will you send me an email and text notification for any port or SIM change attempt?"Early warning so you can react immediately.
"If I need to port, what is your secure process to remove the freeze and how long does the Number Transfer PIN stay valid?"Understand the legitimate removal/porting steps so you aren’t locked out later.
"Please escalate this to fraud/security if you can’t enable the lock now; give me the case ID."Fraud teams can add additional monitoring and trace attempts.

Sample phone script

Hi — my name is [Your Name]. I want to secure my account from unauthorized SIM swaps and port‑outs. Please enable the port freeze (Number Lock/SIM Protection/Wireless Account Lock) on my line ending in [last 4 digits].
Also, please set/update my account PIN now. I want email and SMS alerts for any port or SIM change attempts. Can you confirm the case number and the agent on this call?

If the agent says the feature isn't available, ask to speak with fraud or security and refer to the carrier support pages that offer Number Lock, Port Out Protection, or Wireless Account Lock. If you receive pushback, note the rep’s name and escalate — carriers are required by recent FCC rules and industry best practices to provide port‑freeze options to consumers.

If your number has already been ported or swapped — immediate steps

  1. Contact your carrier’s fraud line immediately: Use *611 from any phone or the carrier’s published fraud number or chat (Verizon, AT&T and T‑Mobile all provide priority fraud channels). Ask them to reverse the port and restore your line if possible. Keep the ticket/case number.
  2. Report to law enforcement and IC3: File a report with your local police and the FBI Internet Crime Complaint Center (IC3). The FBI recommends contacting your financial institutions and disabling SMS‑based 2FA right away.
  3. Lock or monitor financial accounts: Contact banks, brokerage, and crypto exchanges immediately. Ask them to require additional verification for any transactions and to disable SMS 2FA for your accounts until you regain control.
  4. Document everything: Note dates, times, rep names, and any confirmation IDs; this helps carriers and law enforcement investigate.

Longer‑term hardening

  • Use authenticator apps or hardware security keys for all sensitive accounts, and remove your phone number as the primary recovery option where possible.
  • Monitor credit reports and consider a credit freeze if identity information was exposed.
  • Watch for suspicious messages (smishing) and robocalls that may be follow‑on fraud attempts.

Although the eSIM ecosystem continues to evolve and recent technical disclosures show some implementation risks, the single most effective consumer control today is carrier account hardening: port freezes, account PINs, and removing SMS as a recovery channel wherever possible.

Bottom line & quick checklist

Make these four checks today — they only take a few minutes but dramatically reduce your risk:

  • Enable your carrier’s port freeze / Number Lock / SIM Protection. (Do this for every line.)
  • Set a unique account PIN or passcode (6–15 digits; non‑sequential).
  • Move sensitive accounts off SMS 2FA to authenticator apps or hardware keys.
  • Know your carrier’s porting process and keep fraud contact numbers handy.

If you want, print the carrier script in this article and use it when you call. If you’re concerned about emerging eSIM implementation risks, ask the carrier what protections they have for eSIM profiles (remote provisioning monitoring, certificate management) and request that they add extra monitoring to your line. For public advisories on eSIM security and industry recommendations, see the GSMA and recent security disclosures.

If you’d like, we can generate a customized phone script with your carrier name and the exact wording to paste into a live chat or e‑mail — tell us which carrier you use and whether the account is business or personal.

Related Articles

Mini shopping cart with rolled cash next to a laptop, representing online shopping.

Marketplace Payment Scams: How the 'Overpayment' and Fake Zelle‑Business Tricks Work

A set of smart home devices including a camera, speaker, and lightbulb on a white background.

Smart‑Speaker Skill Scams: How Alexa, Google Assistant and Home Hubs Are Being Weaponized (and How to Lock Them Down)

Scrabble tiles spelling 'Do What You Love' on a minimalist white background.

Why Robocalls Keep Getting Worse — Spoofing, Call Farms, and What You Can Do Right Now