'%3e%3cpath%20d='M0,0%20v30%20h60%20v-30%20z'%20fill='%23012169'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23fff'%20stroke-width='6'/%3e%3cpath%20d='M0,0%20L60,30%20M60,0%20L0,30'%20stroke='%23C8102E'%20stroke-width='4'%20clip-path='url(%23s)'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23fff'%20stroke-width='10'/%3e%3cpath%20d='M30,0%20v30%20M0,15%20h60'%20stroke='%23C8102E'%20stroke-width='6'/%3e%3c/g%3e%3c/svg%3e)
UK
%20--%3e%3cuse%20href='%23s'%20x='0'%20y='0'/%3e%3cuse%20href='%23s'%20x='494'%20y='0'/%3e%3cuse%20href='%23s'%20x='988'%20y='0'/%3e%3cuse%20href='%23s'%20x='1482'%20y='0'/%3e%3cuse%20href='%23s'%20x='1976'%20y='0'/%3e%3cuse%20href='%23s'%20x='2470'%20y='0'/%3e%3cuse%20href='%23s'%20x='247'%20y='210'/%3e%3cuse%20href='%23s'%20x='741'%20y='210'/%3e%3cuse%20href='%23s'%20x='1235'%20y='210'/%3e%3cuse%20href='%23s'%20x='1729'%20y='210'/%3e%3cuse%20href='%23s'%20x='2223'%20y='210'/%3e%3cuse%20href='%23s'%20x='2717'%20y='210'/%3e%3cuse%20href='%23s'%20x='0'%20y='420'/%3e%3cuse%20href='%23s'%20x='494'%20y='420'/%3e%3cuse%20href='%23s'%20x='988'%20y='420'/%3e%3cuse%20href='%23s'%20x='1482'%20y='420'/%3e%3cuse%20href='%23s'%20x='1976'%20y='420'/%3e%3cuse%20href='%23s'%20x='2470'%20y='420'/%3e%3cuse%20href='%23s'%20x='247'%20y='630'/%3e%3cuse%20href='%23s'%20x='741'%20y='630'/%3e%3cuse%20href='%23s'%20x='1235'%20y='630'/%3e%3cuse%20href='%23s'%20x='1729'%20y='630'/%3e%3cuse%20href='%23s'%20x='2223'%20y='630'/%3e%3cuse%20href='%23s'%20x='2717'%20y='630'/%3e%3cuse%20href='%23s'%20x='0'%20y='840'/%3e%3cuse%20href='%23s'%20x='494'%20y='840'/%3e%3cuse%20href='%23s'%20x='988'%20y='840'/%3e%3cuse%20href='%23s'%20x='1482'%20y='840'/%3e%3cuse%20href='%23s'%20x='1976'%20y='840'/%3e%3cuse%20href='%23s'%20x='2470'%20y='840'/%3e%3cuse%20href='%23s'%20x='247'%20y='1050'/%3e%3cuse%20href='%23s'%20x='741'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1050'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1050'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1050'/%3e%3cuse%20href='%23s'%20x='0'%20y='1260'/%3e%3cuse%20href='%23s'%20x='494'%20y='1260'/%3e%3cuse%20href='%23s'%20x='988'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1260'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1260'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1260'/%3e%3cuse%20href='%23s'%20x='247'%20y='1470'/%3e%3cuse%20href='%23s'%20x='741'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1235'%20y='1470'/%3e%3cuse%20href='%23s'%20x='1729'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2223'%20y='1470'/%3e%3cuse%20href='%23s'%20x='2717'%20y='1470'/%3e%3cuse%20href='%23s'%20x='0'%20y='1680'/%3e%3cuse%20href='%23s'%20x='494'%20y='1680'/%3e%3cuse%20href='%23s'%20x='988'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1482'%20y='1680'/%3e%3cuse%20href='%23s'%20x='1976'%20y='1680'/%3e%3cuse%20href='%23s'%20x='2470'%20y='1680'/%3e%3c/g%3e%3c/svg%3e)
USA
What to do if…
you receive an eSIM activation message or QR code you did not request
Short answer
Treat it as a possible SIM-swap attempt: do not scan the QR code, and contact your mobile network immediately using a trusted number to block any eSIM or number-transfer change.
Do not do these things
- Don’t scan the QR code or follow links in the message “to cancel” or “verify”.
- Don’t reply to the message, and don’t share any one-time passcodes (OTP), security codes, or account PINs with anyone who contacted you.
- Don’t call back a number provided in the message. Use the number from your bill, your network’s official app, or your network’s official website.
- Don’t assume it’s harmless just because your phone still has signal — act before service is taken over.
- Don’t rush to factory-reset your phone. This rarely helps and can make recovery harder.
What to do now
-
Pause the activation path immediately.
Don’t scan the QR code, don’t tap any “set up eSIM” prompts, and don’t enter codes into any website/app linked from the message. -
Contact your mobile network right away (use another phone if you can).
Say: “I received an eSIM activation/number transfer message I did not request. Please block any SIM/eSIM swap or number transfer and secure my account.”
Ask for:- A block/freeze on SIM swaps and number transfers (the name varies by network).
- A new account security PIN/password on the mobile account (not one you’ve used elsewhere).
- Confirmation of whether any eSIM has been issued or any change is pending, and how it was requested (online / phone / store).
- A reference number for the contact and a note added: “suspected unauthorised SIM/eSIM change”.
-
Check whether your number is already being affected.
Warning signs include: sudden loss of signal, “no service”, calls/texts failing, or OTP texts no longer arriving.
If you’ve lost service, tell the network this may already be an active SIM swap and you need your number restored and the account locked down. -
Immediately secure accounts that rely on SMS codes — starting with your email.
From a device/account you still control:- Change the password on your primary email account first.
- Then change passwords for banking, payment apps, and any account that can reset other passwords (Apple ID/Google account, key social accounts).
- Where possible, switch away from SMS two-factor codes to an authenticator app or passkey.
-
Notify your bank(s) and payment providers if anything looks off.
If you see unfamiliar login alerts, password resets you didn’t do, or unusual transactions, contact your bank’s fraud team and ask them to add extra verification and monitor/hold high-risk transfers. -
Report it if you believe it’s fraud or you’ve suffered loss.
- If you’re in England, Wales or Northern Ireland, report via Report Fraud (Action Fraud) so you have a reference for banks/providers.
- If you’re elsewhere in the UK, use your local police reporting route if needed.
-
If your provider is slow, escalate inside the provider immediately.
Ask for their fraud/security team. Keep a simple timeline: time the message arrived, what it said, what you did, and what service changes you noticed.
What can wait
- You don’t need to decide today whether to change mobile networks, change your phone, or change your number.
- You don’t need to do a full device wipe or reinstall apps right now.
- You don’t need to confront the sender — focus on locking the number and securing key accounts first.
Important reassurance
These messages are designed to rush you into scanning or “verifying.” Often it’s still preventable if you avoid the QR/link, get the provider to lock the account, and secure your email and financial access quickly.
Scope note
This is first-steps guidance to stabilise the situation and reduce immediate risk. If money was taken or accounts were accessed, you may need follow-up support from your bank, your mobile provider’s fraud team, and formal reports to support disputes.
Important note
This is general information, not legal, financial, or technical advice. Names for “SIM swap/transfer locks” vary by mobile network. If you feel overwhelmed, use a trusted friend’s phone to contact your network and bank and take it one call at a time.
Additional Resources
- https://www.met.police.uk/SysSiteAssets/media/downloads/force-content/met/campaigns/fraud/cyber-protect_protect-yourself-from-sim-swap-fraud.pdf
- https://www.reportfraud.police.uk/
- https://www.actionfraud.police.uk/reporting-fraud-and-cyber-crime
- https://www.ofcom.org.uk/phones-and-broadband/scam-calls-and-messages/
- https://www.ncsc.gov.uk/guidance/business-communications-sms-and-telephone-best-practice