Skip to content
What took you so long?

AT&T rolls out Wireless Account Lock protection to curb the SIM-swap scourge

Move is aimed at curbing a form of abuse that costs subscribers dearly.

Dan Goodin | 61
Credit: Getty Images
Credit: Getty Images
Story text

AT&T is rolling out a protection that prevents unauthorized changes to mobile accounts as the carrier attempts to fight a costly form of account hijacking that occurs when a scammer swaps out the SIM card belonging to the account holder.

The technique, known as SIM swapping or port-out fraud, has been a scourge that has vexed wireless carriers and their millions of subscribers for years. An indictment filed last year by federal prosecutors alleged that a single SIM swap scheme netted $400 million in cryptocurrency. The stolen funds belonged to dozens of victims who had used their phones for two-factor authentication to cryptocurrency wallets.

Wireless Account Lock debut

A separate scam from 2022 gave unauthorized access to a T-Mobile management platform that subscription resellers, known as mobile virtual network operators, use to provision services to their customers. The threat actor gained access using a SIM swap of a T-Mobile employee, a phishing attack on another T-Mobile employee, and at least one compromise of an unknown origin.

This class of attack has existed for well over a decade, and it became more commonplace amid the irrational exuberance that drove up the price of bitcoin and other cryptocurrencies. In some cases, scammers impersonate existing account holders who want a new phone number for their account. At other times, they simply bribe the carrier's employees to make unauthorized changes.

People storing large sums of digital coin have been frequent targets. Once crooks take control of a phone number, they trigger password resets that work by clicking on links sent in text messages. The crooks then drain cryptocurrency and traditional bank accounts.

On Tuesday, AT&T revealed Wireless Account Lock, a new protection designed to curb the SIM-swap scams. When activated, the lock prevents changes from being made to a SIM until it's turned off again. The on/off button for Wireless Account Lock is available in the settings of the myAT&T mobile app.

AT&T's move comes years after T-Mobile and Verizon started offering similar protection services. The Federal Communications Commission in 2023 also implemented new rules it said would make unauthorized SIM swaps harder to carry out.

Wireless Account Lock prevents changes from being made to other types of account information, including billing information and authorized users. Wireless Account Lock is also available for business subscribers, although it works slightly differently. More about the new protection is available here.

Photo of Dan Goodin
Dan Goodin Senior Security Editor
Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Dan is based in San Francisco. Follow him at here on Mastodon and here on Bluesky. Contact him on Signal at DanArs.82.
61 Comments
Prev story
Next story