SIM Swap Scam in Pakistan: How It Works & How to Stay Safe

SIM Swap Scam in Pakistan: How It Works & How to Stay Safe

Your mobile number is no longer just a way for people to call you. It is the key to your bank account, your JazzCash or Easypaisa wallet, your WhatsApp, your email, and almost every app that sends you a one-time password. That is exactly why criminals want it, and SIM swap fraud has become one of the fastest-growing scams in Pakistan.

In a SIM swap, a fraudster takes control of your phone number by getting a duplicate SIM issued in your name. The moment that happens, every call, SMS, and verification code meant for you starts going to them instead. By the time your own SIM goes dead, they may already be inside your bank account.

This guide explains how SIM swap scams and related SIM fraud work in plain language, the red flags to watch for, and the practical steps you can take to protect your money and your identity. You can also use the SIM Owner Details checker on this site to confirm exactly who a number is registered to before you trust a caller.

What Is SIM Swap Fraud?

SIM swap fraud, sometimes called SIM splitting or a port-out scam, is when someone convinces a mobile operator to move your phone number onto a SIM card they control. Legitimate SIM swaps happen all the time, for example when you lose your phone and ask Jazz, Zong, Telenor, Ufone, or SCO for a replacement SIM. The scam version is the same process carried out by a criminal pretending to be you.

Once the number is on the new SIM, the attacker receives your text messages and calls. Most banking apps and mobile wallets send their login codes and transaction approvals by SMS, so whoever holds the number can reset passwords and approve transfers. This is what makes the attack so damaging: the fraudster does not need to break your password. They simply intercept the code that is supposed to protect you.

Why SIM Fraud Is Rising So Fast in Pakistan

The numbers tell the story. Reporting across 2024 and 2025 shows SIM swap attacks in Pakistan more than doubling, with some estimates putting the increase above 120 percent year on year. Media and industry figures place total losses from SIM-related fraud in the tens of billions of rupees, driven largely by the link between mobile numbers and mobile money.

A single case shows how serious it can get. In late 2025, the Pakistan Telecommunication Authority (PTA) fined Ufone Rs 77.8 million after a duplicate SIM was issued for a customer’s number without his consent. That unauthorised swap was then used to carry out fraudulent banking transactions, and the customer lost around Rs 8.5 million. The financial fraud went to the National Cyber Crime Investigation Agency, while the operator was penalised for failing to follow proper verification rules.

There are a few reasons this type of fraud thrives here. Mobile wallets such as JazzCash and Easypaisa are tied directly to phone numbers, so capturing a number often means capturing the wallet. Leaked CNIC copies circulate widely, giving criminals the identity details they need. And in some cases, dishonest franchise staff have been bribed to bypass biometric checks. Law enforcement has pushed back, with PTA and FIA raids seizing thousands of illegal SIMs, but the demand for stolen numbers keeps the scam alive.

How a SIM Swap Scam Actually Works

Understanding the steps helps you spot the attack while there is still time to stop it. A typical SIM swap unfolds like this.

Step 1: They collect your information. Before anything else, the fraudster gathers enough about you to impersonate you. This can come from a leaked database, a phishing message, your social media, or a stolen CNIC photocopy. They want your name, CNIC number, mobile number, and sometimes your date of birth.

Step 2: They request a replacement SIM. Posing as you, the attacker approaches your operator through a franchise, a helpline, or forged paperwork. They claim your phone was lost or the SIM is damaged and ask for a duplicate. If the verification is weak or an employee is complicit, the request is approved.

Step 3: Your SIM goes dead. As soon as the new SIM is activated, yours stops working. You suddenly have no signal, no calls, and no messages, often with no warning. Many victims assume it is a network outage and lose precious hours before realising what has happened.

Step 4: They take over your accounts. Now holding your number, the fraudster requests password resets and OTPs for your bank, mobile wallet, email, and social media. Because the codes arrive on the SIM they control, they sail through every security check.

Step 5: They drain and disappear. Money is transferred out of bank accounts and wallets, often within minutes. By the time you restore your own SIM and log in, the funds are gone and the trail has gone cold.

Other Common SIM-Related Scams to Know

SIM swap is the headline threat, but it usually travels with a few companions. Watching for all of them gives you better protection.

OTP and phishing calls. A caller pretends to be from your bank, a lottery, or even a telecom helpline, and creates panic by saying your account is at risk. They then ask you to read out an OTP, PIN, or card number to “secure” it. No real bank or operator ever asks for these. The moment someone requests your code, hang up.

Unauthorised SIMs registered on your CNIC. Criminals use leaked or photocopied CNICs to register SIMs in your name without your knowledge. These ghost SIMs may be used for fraud or other crimes, and because the line sits under your identity, you can be held legally responsible. PTA allows a limited number of connections per CNIC, generally five voice SIMs and three data SIMs, and you should know exactly which ones are really yours.

SIM cloning and lost-phone takeovers. If your handset is stolen along with an unlocked screen, an attacker may already have access to apps and codes before you can block anything. Keeping your SIM PIN enabled adds a useful extra lock.

If you ever receive a call from an unfamiliar number and want to know which network and identity it traces back to, the SIM Tracker tool lets you verify a number quickly instead of guessing.

Warning Signs Your SIM May Have Been Swapped

Speed matters more than anything once an attack begins. These signals deserve immediate attention:

  • Your phone shows “No Service” or “SOS only” for an unusually long time while others around you have signal.
  • You stop receiving calls and texts, including expected OTPs.
  • You get an SMS or email about a SIM replacement, password change, or new device login that you did not request.
  • Friends or family say your number called or messaged them with strange requests.
  • Your banking or wallet app suddenly logs you out or rejects your usual password.

If two or more of these happen together, treat it as an emergency rather than a glitch.

How to Protect Yourself From SIM Swap Fraud

You cannot control every leaked database, but you can make yourself a much harder target and catch problems early. Here is what actually works.

1. Check Which SIMs Are Registered on Your CNIC

This is the single most important habit. Send your 13-digit CNIC number (without dashes) by SMS to 668 from any phone, and you will receive a reply listing how many SIMs are registered against your identity across all networks. You can also check the same information on the official portal at cnic.sims.pk. Do this every month and compare it against the SIMs you actually own.

For a clearer, ongoing view of what is tied to your identity, the CNIC Tracker on this site helps you keep records of your registered connections so an unfamiliar line stands out instantly. Note that 668 shows all SIMs on your CNIC, while 667 is used to check the registered owner of a specific SIM in your possession.

2. Block Any SIM You Do Not Recognise

If the count is higher than it should be, act the same day. Note the network operator shown beside the unknown number, then visit that operator’s official franchise with your original CNIC. Ask to disown the unauthorised SIM, complete the biometric thumb scan, sign the disowning form, and keep the receipt and reference number. After 24 to 48 hours, re-check 668 to confirm the line is gone. Biometrically disowned SIMs are permanently blocked and cannot be reactivated.

3. Lock Down Your Bank and Wallet

Where your bank or wallet offers it, switch from SMS-based codes to an authenticator app, which a SIM swap cannot intercept. Set up transaction alerts so any movement is flagged instantly, and never reuse the same password across your phone number, email, and banking apps. Treat your email as part of your security, because resetting it can unlock everything else.

4. Never Share OTPs, PINs, or CNIC Copies Loosely

Your OTP is the last line of defence, so guard it like a house key. Do not read codes aloud to callers, do not forward them, and do not type them into links sent by SMS or WhatsApp. Be just as careful with photocopies of your CNIC; hand them over only to verified institutions, and where possible write the purpose and date across the copy.

5. Verify Before You Trust a Caller

Scammers rely on urgency and fake authority. If a caller claims to be from your bank or a courier and pressures you to act, end the call and ring the official number yourself. When you want to confirm where an unknown call or message is coming from, Trace Location lets you check the number’s network and origin before you decide how to respond.

What to Do If You Are Already a Victim

If you believe a SIM swap is underway, every minute counts. Move through these actions quickly:

  1. Restore your number. Visit your operator’s franchise with your original CNIC and request an emergency block of the fraudulent SIM and reissue of your line.
  2. Freeze your money. Call your bank and wallet providers, report the fraud, and ask them to freeze accounts and reverse any pending transfers.
  3. Change your passwords. Once your number is back under your control, reset passwords for banking, email, and social media, and enable app-based two-factor authentication.
  4. File a complaint. Lodge a report with PTA through the complaints portal at complaint.pta.gov.pk or the helpline 0800-55055. For multiple unauthorised SIMs, file a police FIR citing the Prevention of Electronic Crimes Act (PECA) 2016, and report financial fraud to the National Cyber Crime Investigation Agency.
  5. Keep your evidence. Save screenshots, SMS records, reference numbers, and receipts. They strengthen your case and speed up recovery.

A quick note on the law: accessing someone else’s SIM or CNIC data without authorisation is itself an offence under PECA 2016. Always rely on official, PTA-approved methods to verify SIM information, and avoid shady “SIM database” sites that sell stolen data and put you at legal risk.

It is when a criminal tricks your mobile operator into moving your phone number onto a SIM card they hold. They then receive your calls and texts, including the OTPs that protect your bank account, and use them to steal money or take over your accounts.

Send your 13-digit CNIC number by SMS to 668, or visit the official portal cnic.sims.pk. You will see the total count of SIMs registered against your identity across all networks. Keeping a personal record through a tool like the check how many SIMs are registered on your CNIC guide makes it easier to spot anything that should not be there.

Code 668 shows every SIM registered on your CNIC, which is what you use to detect unauthorised lines. Code 667 is used to check the registered owner details of a specific SIM that you physically hold.

The clearest sign is your phone losing all service for an unusually long time while others nearby have signal, along with stopped calls and texts. You may also get alerts about a SIM replacement or password change you never requested.

Yes. Because banks and mobile wallets like JazzCash and Easypaisa send verification codes by SMS, a fraudster who controls your number can reset passwords and approve transfers, often draining accounts within minutes.

No. Accessing another person’s SIM or CNIC information without authorisation is an offence under PECA 2016. You may legally check the SIMs registered on your own CNIC and verify ownership through official, PTA-approved channels.

At least once a month is a good habit. Set a recurring reminder to send your CNIC to 668. The check takes under a minute and can save you from major losses and long legal disputes.

Final Thoughts

SIM swap fraud works because it quietly turns your own phone number against you. The good news is that it is also one of the more preventable scams once you know the playbook. Check your CNIC regularly, block anything you do not recognise, protect your OTPs, and move app-based security in front of SMS codes wherever you can.

Staying alert costs nothing, while ignoring the risk can cost everything tied to your number. Make verification a routine, treat sudden loss of signal as a warning rather than a nuisance, and you take away the one thing every SIM scammer depends on: your silence while they work.