The Guide Liverpool HEROES 2025 
Community
Merseyside Police issue warning of stay-at-home criminals hijacking mobile phone numbers
5 hours ago
Merseyside Police is warning residents about a surge in SIM swapping fraud, a sophisticated cybercrime that has seen reports more than double nationally in 2023 and 2024, with 2,797 incidents reported in 2024 alone.
SIM swapping occurs when criminals gain unauthorised control of a victim’s mobile phone number by tricking mobile network providers into transferring the number to a device controlled by the fraudster. This enables criminals to intercept security codes sent via text message and bypass two-factor authentication on banking apps, social media accounts, and email services.
The rise of eSIM technology has created new vulnerabilities that criminals are increasingly exploiting. Unlike traditional SIM cards, eSIMs can be activated remotely without physical access to a device, making it easier for fraudsters to hijack phone numbers. The lack of universal security standards for eSIM activation across mobile networks further increases the risk to the public.
Detective Sergeant Danny Gavin from Merseyside Police Cybercrime Unit said:
“People rely on their mobile phones as part of modern life, but most don’t realise how dependent they are on keeping their mobile phone number safe. In the past, it wasn’t something that people generally needed to think about, but now they do – your phone number has become a bit like a key to your entire digital identity.
“SIM swapping is what we call a gateway offence – once criminals control your phone number, they can commit more fraud. We’re seeing UK-based offenders increasingly involved, with many operating from domestic addresses. These are stay-at-home criminals who are digitally savvy and understand that most people are unaware of how easily their mobile number can be hijacked and used to bypass security on financial and personal accounts.”
The fraud typically uses social engineering techniques, where criminals will research potential victims through social media and public records or impersonate the mobile phone provider to gather personal details about the victim. Then they will either impersonate the victim when contacting mobile network providers or hack into the victim’s online mobile phone account, claiming they need a SIM replacement due to a lost or damaged device.
Detective Sergeant Gavin, Merseyside Police added:
“The fraud can have devastating consequences, with criminals able to systematically take over multiple online accounts, order expensive goods, make money transfers and steal personal information. Many victims discover the attack only after significant financial damage has occurred.
“A recent victim in Merseyside had their email account hacked, which led to their phone SIM being swapped to a different provider. After that, the mobile number was taken over and the offender attempted a bank transfer of £1,000. Thankfully, this was not successful but it’s a good example of how one online security weakness was exploited and once the door was opened, the criminal made the most of the opportunity.”
Warning signs of SIM swapping include sudden loss of mobile service, unexpected text messages about account changes, or emails about account changes, inability to access accounts or unauthorised transactions.
The public can protect themselves by following good online security practices – taking simple steps to keep accounts safe and secure. This includes using strong, unique passwords for every account and regularly updating mobile device software to protect against known security vulnerabilities.
Multi-factor authentication (MFA) – using two or more different ways to prove your identity when logging into accounts – provides crucial protection. However, security codes passed by SMS message or email should be avoided where possible and instead authenticator apps like Google Authenticator or Microsoft Authenticator should be used, as these cannot be intercepted when phone numbers are compromised. Where possible, consider enabling biometrics such as fingerprint verification.
Never provide personal information, passwords, or security codes to anyone who contacts you unexpectedly, even if they claim to be from your mobile provider. Legitimate companies will never ask for these details over the phone or via text message.
Mobile phone users with eSIMs, online shoppers using services like PayPal and Klarna, and small businesses or freelancers relying heavily on mobile devices should be particularly vigilant and familiarise themselves with these preventative measures.
Merseyside Police urges anyone who believes they have been targeted by SIM swapping to contact Action Fraud at www.actionfraud.police.uk or call 0300 123 2040. If you receive unexpected messages about SIM changes or account updates, contact your provider directly using official numbers immediately.
For more information on staying safe online, visit the National Cyber Security Centre website.
Keep up to date with news around Liverpool on TheGuideLiverpool.com.
Find out what’s good up North on our new platform, The Northern Guide.
Subscribe
Follow Us
Follow Us
Follow Us
Follow Us
Follow Us
