The Text Scam That Can Take Over Your Phone Number
One fake Google text can lock you out of your entire digital life. Here's what to do about it.
You get a text that looks like it's from Google: "Your Gmail was accessed from Venezuela. Click here to recover your account." The page looks exactly like Google's real login. You type in your password. That's it. Scammers have everything they need to transfer your phone number to their device, lock you out of your bank accounts, and drain your retirement savings. This is happening right now. The folks who can't rebuild what's stolen? Retirees on fixed incomes.
What you'll learn
How the scam works
The scam starts with a text message that looks legitimate. It appears to come from Google, Microsoft, your bank, or another company you trust. The message says something urgent: "Your account was accessed from Venezuela" or "Suspicious activity detected."
There's a link. "Recover Account" or "Secure Your Account Now." You click it. You land on a page that looks exactly like the real thing. Same colors, same logo, same layout. You type in your email and password.
You just gave criminals your login.
Minutes later, they call your cell phone provider. They impersonate you. They provide some basic information they found online (your name, address, maybe the last four of your Social Security from an old data breach). They request a SIM card transfer. Your phone number moves to a SIM card they control.
Once they have your phone number: Every password reset code from your bank, Social Security account, Medicare portal, brokerage, and email goes to their phone. Not yours. They reset passwords. Change security settings. Lock you out of accounts you've had for decades. All while draining what they can access.
The scam starts with a text message that looks legitimate. It appears to come from Google, Microsoft, your bank, or another company you trust. The message says something urgent: "Your account was accessed from Venezuela" or "Suspicious activity detected."
There's a link. "Recover Account" or "Secure Your Account Now." You click it. You land on a page that looks exactly like the real thing. Same colors, same logo, same layout. You type in your email and password.
You just gave criminals your login.
Minutes later, they call your cell phone provider. They impersonate you. They provide some basic information they found online (your name, address, maybe the last four of your Social Security from an old data breach). They request a SIM card transfer. Your phone number moves to a SIM card they control.
Once they have your phone number: Every password reset code from your bank, Social Security account, Medicare portal, brokerage, and email goes to their phone. Not yours. They reset passwords. Change security settings. Lock you out of accounts you've had for decades. All while draining what they can access.
When it happened to my father
I've been in cybersecurity for 50 years. I present to FBI InfraGard. My clients have a perfect track record against ransomware. And my own father still fell for a phishing email.
Tuesday afternoon. Email that looked like it came from his bank. Problem with his account. Click here to verify. He clicked. Entered his credentials.
My stepmother noticed a remote access program running on his computer. Called me immediately. I connected remotely and found scammers actively searching his hard drive for financial documents. They were looking for a spreadsheet he kept with all his bank account numbers and passwords.
We caught them before they found it. We were lucky.
That's when I built ForwardToSafety. I asked myself: What would I build if the person I was protecting was my father? Simple answer: a service where you forward a suspicious email and get a plain-English verdict in under a minute. Safe, Suspicious, or Dangerous. No jargon. No software. Just forward the email to [email protected] and know for sure.
I've been in cybersecurity for 50 years. I present to FBI InfraGard. My clients have a perfect track record against ransomware. And my own father still fell for a phishing email.
Tuesday afternoon. Email that looked like it came from his bank. Problem with his account. Click here to verify. He clicked. Entered his credentials.
My stepmother noticed a remote access program running on his computer. Called me immediately. I connected remotely and found scammers actively searching his hard drive for financial documents. They were looking for a spreadsheet he kept with all his bank account numbers and passwords.
We caught them before they found it. We were lucky.
That's when I built ForwardToSafety. I asked myself: What would I build if the person I was protecting was my father? Simple answer: a service where you forward a suspicious email and get a plain-English verdict in under a minute. Safe, Suspicious, or Dangerous. No jargon. No software. Just forward the email to [email protected] and know for sure.
Warning signs you're being targeted
Unexpected texts about account access
Messages claiming your Gmail, Microsoft account, bank, or Social Security was accessed from another location. They often include specific cities or countries (Venezuela, Russia, China) to create urgency.
Phone service suddenly drops
Your phone suddenly shows "No Service" or "SOS Only." Restarting doesn't fix it. Someone may be transferring your number right now. Call your provider immediately from another phone.
Links in unexpected messages
Any text with a link you weren't expecting is suspect, even if it looks like a company you do business with. Banks and tech companies don't send account security links via text.
Password reset emails you didn't request
If you start getting password reset codes or notifications for accounts you didn't try to access, someone may already have some of your credentials and is testing what they can get into.
Unexpected texts about account access
Messages claiming your Gmail, Microsoft account, bank, or Social Security was accessed from another location. They often include specific cities or countries (Venezuela, Russia, China) to create urgency.
Phone service suddenly drops
Your phone suddenly shows "No Service" or "SOS Only." Restarting doesn't fix it. Someone may be transferring your number right now. Call your provider immediately from another phone.
Links in unexpected messages
Any text with a link you weren't expecting is suspect, even if it looks like a company you do business with. Banks and tech companies don't send account security links via text.
Password reset emails you didn't request
If you start getting password reset codes or notifications for accounts you didn't try to access, someone may already have some of your credentials and is testing what they can get into.
Three steps to protect yourself
Add a SIM PIN to your phone account
Call your cell phone provider today. Tell them you want a SIM PIN or SIM lock on your account. This creates a separate PIN required before anyone can transfer your phone number to another SIM card.
What each provider calls it:
- Verizon: "Number Transfer PIN"
- AT&T: "Extra Security" or "Passcode"
- T-Mobile: "Port Validation"
Turn on two-factor authentication
Enable 2FA for Gmail, bank accounts, Social Security, and any other financial accounts. But here's the part that matters: use an authenticator app, not text messages, whenever possible.
If someone swaps your SIM, they get your text messages. Authenticator apps like Google Authenticator or Microsoft Authenticator generate codes on your physical device. Scammers can't intercept those.
Never click links in text messages
If you get a text about account security, suspicious activity, anything urgent, don't click the link. Open your browser. Type the company's website yourself. Log in through the official site or app. If there's really a problem, you'll see it there.
Even better: Forward suspicious texts and emails to [email protected]. Get a verdict in 47 seconds. Safe, Suspicious, or Dangerous. No guessing.
If it's already happening
Your phone shows "No Service" and you can't make calls or receive texts:
- Use another phone or computer to contact your cell provider immediately
- Report SIM swap fraud and ask them to reverse the transfer
- Change passwords for email, banking, and financial accounts from a secure device
- Contact your bank and credit card companies to freeze accounts
- File a police report and report to FTC at IdentityTheft.gov
- Check your credit reports at AnnualCreditReport.com and consider a credit freeze
Your phone shows "No Service" and you can't make calls or receive texts:
- Use another phone or computer to contact your cell provider immediately
- Report SIM swap fraud and ask them to reverse the transfer
- Change passwords for email, banking, and financial accounts from a secure device
- Contact your bank and credit card companies to freeze accounts
- File a police report and report to FTC at IdentityTheft.gov
- Check your credit reports at AnnualCreditReport.com and consider a credit freeze
Forward. Know. Stay safe.
Got a suspicious email or text sitting in your inbox? Don't guess. Forward it to [email protected] and get a plain-English verdict in under a minute.
No signup. No app. No technical knowledge required. Just forward and know.
The bottom line
Your retirement savings, Social Security, bank accounts. All one text message away from being compromised. You spent decades building that security. Don't let a 30-second scam text destroy it. Add a SIM PIN today. Turn on two-factor authentication. And never click links in text messages you weren't expecting. Five minutes of prevention beats months trying to recover what's been stolen.
#SIMSwapping #PhishingScam #TextScam #RetirementSecurity #CyberSecurity #ProtectYourSavings #SeniorSafety
Want weekly tech and security insights that protect your retirement? Sign up for my Insider Notes Newsletter at CraigPeterson.com.
No hype. No jargon. Just practical guidance.