
Introduction
SIM swapping—also known as SIM jacking—continues to enable attackers to hijack phone numbers, intercept two-factor codes, and compromise everything from email accounts to crypto wallets. AT&T’s new Wireless Account Lock is a long-overdue, critical layer of protection, designed to close off one of the most exploited social engineering attack paths.
For AT&T customers, Critical Path Security recommends activating this feature immediately and incorporating it into mobile security strategies.
What AT&T’s Wireless Account Lock Does
This new feature allows AT&T customers to proactively prevent key account changes, including:
- SIM and eSIM swaps
- Phone number transfers
- Billing address or payment info edits
- Addition or removal of authorized users
- Upgrades or purchases billed to the account
Accessible via the myAT&T app or website, this lock can only be toggled by the account owner or designated secondary users. Notifications are sent whenever the feature is enabled or disabled, serving as a critical early warning system.
Why It Matters
1. SIM Swapping Remains a Major Threat
Attackers exploit customer service representatives or compromised internal systems at mobile carriers to steal phone numbers. With that phone number, they bypass SMS-based MFA and account recovery protections. Cryptocurrency wallets, banking portals, and email accounts are commonly targeted.
2. Telecom-Level Defense
Locking SIM swaps at the carrier level prevents attackers from exploiting the weakest link—the human element in telecom customer support. Delays introduced by this lock could force attackers to seek easier targets.
3. Industry Alignment
While Verizon, T-Mobile, and Google Fi already offer similar protections, AT&T’s addition finally brings necessary parity across major U.S. carriers.
4. Protection Beyond SIM Swaps
Preventing fraudulent upgrades, account changes, and unauthorized purchases adds a critical layer of financial protection.
Best Practices for Critical Path Security Clients
- Enable Wireless Account Lock immediately on all AT&T business and personal lines.
- Educate staff and users on recognizing SIM swap warning signs—like losing service unexpectedly or receiving unlock notifications.
- Use multi-factor authentication methods that don’t rely on SMS where possible, such as hardware security keys or app-based authenticators.
- Incorporate SIM swap mitigation into incident response plans and phishing simulation exercises.
Strategic Takeaways
AT&T’s Wireless Account Lock reinforces a core security lesson: Don’t trust the telecom network to protect critical accounts. Harden it yourself. While no single control prevents compromise, securing telecom accounts is essential in reducing risk across enterprise and personal assets.
At Critical Path Security, we view controls like AT&T’s lock feature as foundational—yet only part of a layered defense strategy that includes endpoint protection, detection and response, behavioral monitoring, and continual security awareness training.