PanicStation.org
UK USA
uk Technology & digital loss mobile account pin changed • carrier pin changed • security code changed • sim swap warning • sim swap suspected • phone number hijacked • number transfer scam • pac request i didnt make • unauthorised sim replacement • otp texts stopped arriving • texts not coming through • suddenly lost mobile service • account takeover suspected • carrier password reset • sms two factor intercepted • someone accessed my mobile account • scam text about sim change • suspicious pac text • my number was ported

What to do if…
your mobile carrier account PIN or security code is changed without you

Short answer

Assume your mobile number may be under attack (SIM swap/number transfer). Use a different phone to contact your mobile network via an official number, tell them the account PIN/security code was changed without you, and ask them to immediately block any number transfer and undo the change.

Do not do these things

  • Don’t phone back a number from a suspicious text/email about “SIM changes” or “PAC requests” — contact your provider using an official number (bill, app, or their website).
  • Don’t rely on SMS codes to secure everything right now; if your number is compromised, SMS can be intercepted.
  • Don’t keep trying random PIN attempts or repeated resets — it can trigger lockouts and slow recovery.
  • Don’t share one-time codes, PAC details, or security answers with anyone who contacts you unexpectedly.
  • Don’t assume it’s safe just because your phone still has signal — a PIN change can be the step before a transfer.

What to do now

  1. Switch to a safer way to act (1–2 minutes). If you can, get onto trusted Wi-Fi. Use another phone (friend/landline) for calls so you’re not dependent on the possibly-compromised SIM.
  2. Contact your mobile network immediately (official number) and be very direct. Say:
    • “My account PIN/security code was changed without my permission.”
    • “I need you to block any number transfer and stop any PAC being issued.”
    • “Please reverse the unauthorised change and secure the account.”
  3. Ask them to put extra protection on the line (names vary by network). Ask whether they can:
    • block number transfers (a “transfer/porting block” or similar),
    • require stronger verification for SIM/eSIM or account changes,
    • add a note that no changes should be made without in-person or enhanced checks. Get a case/reference number.
  4. Ask what happened and what is pending. Specifically ask whether there has been:
    • a SIM replacement or eSIM activation,
    • a request to issue a PAC,
    • any change to email/address on the account,
    • any successful log-in or support contact you didn’t make. Ask for the time/date the PIN/security code was changed.
  5. Secure the accounts that can unlock everything else (from a trusted device). In this order: email → banking → Apple ID/Google account → password manager.
    • Change passwords (unique ones).
    • Where possible, switch sign-in codes away from SMS to an authenticator app or security key.
    • Sign out of other sessions/devices where the account offers that option.
  6. Call your bank(s) and card providers. Tell them your mobile number may have been hijacked and ask them to:
    • watch for unusual transfers/new payees,
    • add extra verification notes,
    • confirm your contact details haven’t been changed.
  7. Report suspicious texts the right way (if you received any). Forward scam texts to 7726 (free) to help your provider investigate and block similar messages.
  8. Create an official report (helps if money is taken or disputes follow).
    • If you live in England, Wales or Northern Ireland, report cyber crime/fraud via Report Fraud.
    • If you live in Scotland, report to Police Scotland on 101 (non-emergency).
  9. If your provider mishandles it, start the complaint trail now (briefly). Ask your network how to raise a formal complaint and keep the case number. If it remains unresolved, you can escalate via an approved telecoms dispute scheme (your provider will be in either the Communications Ombudsman scheme or CISAS).

What can wait

  • You don’t need to secure every account today — prioritise mobile provider + email + banking first.
  • You don’t need to decide now whether to change your phone number permanently.
  • You don’t need to publicly post about it or try to identify the attacker.
  • You don’t need to do long “device cleaning” right now unless you have signs your phone itself was compromised.

Important reassurance

This is a known pattern in account takeover attempts, and quick action often prevents the worst outcomes. Feeling panicky or angry is a normal response — you’re focusing on the right thing by securing the number and the accounts tied to it.

Scope note

These are first steps only: stop the transfer, regain control, and reduce immediate harm. Later, you can review longer-term protections (moving away from SMS codes, tightening carrier account security, and monitoring for identity misuse).

Important note

This is general information, not legal, financial, or professional advice. If money has been taken, prioritise your provider and bank immediately and use official UK reporting routes to document what happened.

Additional Resources
Support us