@karllhughes
Last active January 15, 2026 06:57
What to do if you get Sim-Swapped

Here's how this attack works: https://www.google.com/amp/s/www.zdnet.com/google-amp/article/how-i-survived-a-sim-swap-attack-and-how-my-carrier-failed-me/

Immediate actions

  • Make sure your primary email address has a secure recovery method and remove your old phone number from it.
    • Gmail lets you set "Backup codes" that you can print off to recover your account.
    • Change your email password and put it in a password manager.
    • Remove any link to the old phone number from your email.
  • If you're already locked out of your email, set up a "clean" email account. At this point, your old one is being accessed by hackers and can be used to reset any banking passwords.
    • Store this new email password in a password manager.
    • You can also contact your email provider to ask about recovering the old email, but that may take a while, so you will want to switch as many accounts to the new email as possible.
  • The top concern is making sure hackers can't access your bank accounts, retirement funds, or Social Security account, file taxes in your name, etc.
    • Change any financial institution passwords and store them in a password manager (see below).
    • If you had to move to a clean email address, make sure to change the email associated with your accounts as well.
    • Call your bank, tell them your phone number has been stolen, and ask to lock any major transactions for 30 days (or until you get your phone number back).
    • Make sure your financial advisor and anyone else who might email you sensitive data knows and uses your new clean email.
  • Go through all your other accounts online and change the passwords (and emails if necessary), storing each in a password manager.

Long-term tips

  • Reset all your passwords. Each account should use a 16+ character, randomly generated password. Use strongpasswordgenerator.com for this.
  • Store all passwords in a password manager (LastPass, Encryptr, or Keeper).
    • To make your password manager "master password" secure, use a passphrase made of words. This site tells you how to make one: https://www.useapassphrase.com/
    • Don't store this passphrase digitally, but do write it down and store it in a safe place in the house or a lockbox.
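  • Enable two-factor authentication for every account possible. Prefer an authenticator app or hardware security key over SMS codes, since SMS codes go to whoever controls your phone number.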
  • Never share passwords in email. Use Privnote.com to create one-time links to passwords.
  • Lock your credit. This requires creating PINs with all the credit bureaus, but it'll help minimize further identity theft risk.
  • Disable storing passwords in Google Chrome. Stored passwords give attackers with access to your Gmail a way into all your accounts at once.
  • Inform your school and employer of the breach. They may want to take extra security measures, especially if student data may have been compromised.
@MeCnd365

This hardly covers the attractive "what to do if..."
NO SERIOUSLY I have been a victim not once not twice...three....six or more times.
Let me say this loudly....How will I ever prove Satoshisagirl!
