The short version.
Cell carriers can transfer a phone number to a new SIM. Attackers exploit this by calling the carrier with stolen identifying info, requesting the swap, and receiving the teen's SMS-based account-recovery codes. Teen accounts are common targets because of weaker security hygiene and gaming-rare-item value.
The platforms and contexts.
Originates from leaked-data marketplaces (where attackers find the teen's identifying info) and Telegram channels coordinating SIM-swap operations. Some teen-on-teen incidents originate from school-bus or friend-group conflict.
The timeline.
SIM-swap attacks have been a known issue since at least 2017. Teen-specific targeting has accelerated since 2020 alongside gaming-item black markets and teen crypto holdings.
The core facts a parent needs.
- SMS-based 2FA is the weakest 2FA. App-based (Authy, Google Authenticator) is dramatically harder to swap.
- Carriers vary in protection quality. Verizon and AT&T have added PIN requirements; T-Mobile has had the most documented teen-swap incidents.
- Attack chain compounds: SIM access → email recovery → banking, social, crypto, gaming, school accounts cascade in minutes.
What's actually at stake.
- Real money loss — crypto wallets, gaming-item theft, bank-account drain.
- Social-account takeover used to defraud the teen's contacts or post damaging content.
- Identity-data exposure that follows the kid for years.
The talk that lands — try it now.
Imagine you just learned your teen brushed up against this. You have 60 seconds before the conversation begins. What you say first decides whether the next 20 minutes opens the door — or slams it.
"What were you thinking? Give me your phone — now."
Panic + punishment in the same breath. The teen reads it as "every honest detail will be used against me." The phone comes; the truth doesn't.
What would you open with instead? Picture it for a beat — then…
"I want to ask about something — no trouble, I just want to understand it. Can we sit for five minutes?"
Curiosity, not court. Promise of safety in the first sentence. Time-bounded so it doesn't feel like a trap. Almost every teen says yes to five minutes.
Then, in those 5 minutes:
- Add a port-out PIN with your carrier. Every major carrier offers this; it requires the PIN to authorize SIM changes. Call your carrier to set it up — 10 minutes.
- Move every important account off SMS-based 2FA. App-based or hardware (YubiKey) for crypto, email, banking, primary social.
- If your teen is suddenly without cell service, that's a SIM swap until proven otherwise. Call the carrier immediately to reverse before account cascade.
Try saying it out loud once before you close this tab. Cool parents rehearse — yelled parents wing it.
Practice 200 more parent–teen scripts →Concrete next steps.
- Add a port-out PIN with your carrier. Every major carrier offers this; it requires the PIN to authorize SIM changes. Call your carrier to set it up — 10 minutes.
- Move every important account off SMS-based 2FA. App-based or hardware (YubiKey) for crypto, email, banking, primary social.
- If your teen is suddenly without cell service, that's a SIM swap until proven otherwise. Call the carrier immediately to reverse before account cascade.
Cell carrier fraud line (back of the SIM card) · FBI ic3.gov · FTC identitytheft.gov · Local police for in-person targeting.