AT&T has introduced a new security feature called “Wireless Lock” to help protect customers from SIM swap attacks. This tool is now available to all users across the U.S., after being in limited rollout for nearly a year.
SIM swapping is a serious cybersecurity threat that has become increasingly common over the past few years. In a SIM swap attack, cybercriminals trick mobile carriers into transferring a victim’s phone number to a new SIM card controlled by the attacker. Once they have access to the number, the attacker can receive text messages, calls, and most importantly, two-factor authentication (2FA) codes used to secure online accounts like email, banking apps, and crypto wallets.
How AT&T’s Wireless Lock Works
With the new Wireless Lock feature, customers can lock their phone number directly through the myAT&T mobile app or website. Once the number is locked, no one — not even AT&T employees — can transfer it to another SIM card or port it to another carrier without first unlocking it.
This gives users an extra layer of protection against SIM swap scams, making it significantly harder for attackers to hijack their phone numbers.
Wireless Lock not only stops number porting but also blocks unauthorized changes to:
Billing information
Authorized users on the account
Phone numbers linked to the account
Special Protections for Business Accounts
AT&T business customers will have access to additional controls. They can:
Choose specific lines to exempt from the Wireless Lock
Restrict certain types of account changes when the lock is active
These advanced options are especially helpful for companies that manage large teams or multiple mobile lines.
SIM swapping has been linked to several major cyberattacks and financial thefts in recent years. Criminals often use stolen numbers to break into sensitive accounts or bypass login protections. In some cases, insiders at mobile companies have been bribed or tricked into helping these attackers.
Here are a few real-world incidents that show how dangerous SIM swap attacks can be:
2020: British hacker Joseph James O’Connor, also known as ‘PlugwalkJoke,’ used SIM swaps to steal over $794,000 in cryptocurrency.
2021: T-Mobile warned customers after attackers used SIM swaps to take control of various user accounts.
2023: A breach at Google Fi, Google’s mobile service, was exploited to carry out SIM swap attacks on unsuspecting customers.
Scattered Spider, a well-known cybercriminal group, was charged in the U.S. for using SIM swaps to infiltrate corporate networks.
eSIM hijacking: Attackers have started using electronic SIMs to seize control of phone numbers without needing a physical card.
In many cases, the attack doesn’t even come from external hackers. Insider threats have been growing — some employees at Verizon and T-Mobile reported receiving messages offering them bribes up to $300 to perform illegal SIM swaps.
Although AT&T’s move is a welcome improvement, it is a bit late. Rivals like Verizon have been offering similar SIM protection features for nearly five years. In today’s threat landscape, proactive security should be a top priority, and mobile carriers must constantly upgrade their defenses.
In 2023, the Federal Communications Commission (FCC) introduced new rules requiring telecom companies to adopt stronger identity verification measures before approving SIM swaps and phone number transfers. These regulations are meant to protect consumers from identity theft and unauthorized account access.
AT&T’s Wireless Lock aligns with this push and adds a user-controlled method to stop fraud before it happens.
Activating the Wireless Lock is simple. Here’s how you can turn it on:
Open the myAT&T App or visit att.com.
Log in to your account.
Go to Profile > Wireless Security.
Find the Wireless Lock option and turn it ON.
To make any changes or port your number in the future, you’ll need to unlock it manually.
SIM swap attacks have become a growing cybersecurity concern as attackers find new ways to steal identities, money, and sensitive data. AT&T’s Wireless Lock is a strong step in the right direction, giving users control over who can make critical changes to their mobile accounts.
If you are an AT&T customer, enabling this feature could be one of the simplest yet most effective steps you take to protect your digital identity. While it’s disappointing that it took AT&T this long to catch up with competitors, it’s still a crucial move to fight back against rising mobile threats.
Interesting Article : CVE-2025-6554, Google Patches Actively Exploited Chrome Zero-Day
Pingback: Critical Sudo Vulnerability Put Linux Servers at Risk: CVE-2025-32463