Phone Number “Cloning” Scams: How Criminals Are Taking Control of Accounts and How to Stop Them

By Catch a Thief UK News & Education

A growing number of fraud cases across the UK are being linked to what is commonly described as “phone number cloning.” In reality, this term covers two distinct techniques used by criminals to impersonate victims or take full control of their mobile number often leading to bank fraud, identity theft, and account takeovers.

Understanding how these scams work is now essential for both the public and businesses.

The Two Types of “Phone Number Cloning”

The first and most common method is known as caller ID spoofing. This allows a fraudster to disguise the number they are calling from so that it appears to be a trusted source, such as a bank, government body, or even a local number. While alarming, this method does not give the criminal access to the victim’s phone or messages. It is primarily used to build trust and manipulate individuals into revealing sensitive information.

The second method, far more serious, is called a SIM swap or number hijacking. In this scenario, a criminal convinces a mobile network provider to transfer a victim’s phone number onto a SIM card in their possession. Once successful, the fraudster gains control of all calls and text messages, including one-time passcodes used for secure logins.

This effectively hands over control of the victim’s digital identity.

How These Attacks Happen

SIM swap fraud is rarely random. It typically begins with the collection of personal data. Criminals gather information from social media profiles, data breaches, phishing messages, or direct contact with the victim through spoofed calls.

Armed with enough personal details, the fraudster contacts the mobile provider, impersonating the victim and requesting a replacement SIM card. If the provider’s security checks are bypassed, the number is transferred.

At that point, the victim’s phone will suddenly lose signal. This is often the first and only warning sign.

Within minutes, the criminal begins resetting passwords, accessing email accounts, and attempting to breach banking and financial services using intercepted text message verification codes.

Why These Scams Are So Effective

Many online services still rely on SMS-based verification as a primary layer of security. Once a criminal controls a phone number, they can intercept these codes and bypass protections designed to keep accounts secure.

This allows rapid access to multiple accounts in a short period of time, often before the victim realises what has happened.

Warning Signs to Watch For

Members of the public should remain alert to several key indicators. A sudden and unexplained loss of mobile signal is one of the most critical. Devices showing “no service” or “emergency calls only” should be treated as a potential red flag.

Other warning signs include unexpected password reset notifications, messages about SIM activation, or being locked out of accounts without explanation.

How to Protect Yourself

Security experts advise that individuals should not rely solely on text message verification to secure important accounts. Instead, the use of authenticator apps or passkeys is strongly recommended, as these methods are not tied to a mobile number.

Mobile users should also contact their network provider to set up additional security measures, such as a port-out PIN or account password, which must be provided before any number transfer can take place.

Limiting the amount of personal information shared online is another key defence. Details such as date of birth, address, and family names are often used by criminals to pass identity checks.

Crucially, individuals should treat all unsolicited calls with caution, even if the number appears legitimate. If in doubt, hang up and contact the organisation directly using official contact details.

What To Do If You Are Targeted

If a phone suddenly loses signal without explanation, immediate action is essential. Contact your mobile provider from another device to check whether a SIM swap has been requested. At the same time, inform your bank and secure your email account, as this is often the gateway to other services.

Speed is critical in preventing further damage.

Advice for Businesses

Businesses, particularly those handling payments or sensitive customer data, face an increased risk from these attacks. Staff should be trained to recognise social engineering tactics and to follow strict verification procedures before making any changes to account details.

Reliance on SMS-based security alone is no longer sufficient. Multi-layered authentication systems should be implemented wherever possible.

A Growing Threat

As fraud methods continue to evolve, phone number-based attacks are becoming a preferred tactic due to their effectiveness and relatively low technical barrier.

The key message remains clear: a phone number should no longer be treated as a secure form of identity.

Public awareness and rapid response are now the strongest defences against this increasingly common form of fraud.