AT&T deploys new account lock feature to counter SIM swapping

AT&T widely launched its Wireless Account Lock feature Tuesday, aiming to strengthen customer protection against account takeovers and SIM-swapping attacks.
The feature comes amid rising concern over SIM swapping and other social-engineering tactics that allow bad actors to compromise user accounts and take control of their phone numbers.
The Wireless Account Lock, which had been rolling out in waves since earlier this year, is widely available to both individual and business customers. The feature follows similar options from competitors such as T-Mobile, Verizon, and Google Fi, which have already moved to bolster protections against SIM swapping and similar attacks.
The feature is accessed exclusively via the company’s app on a device tied to the account. If the registered device is inaccessible or lost, users must undergo extra authentication steps via AT&T’s customer support to regain control.
The lock can be toggled on or off at will. When changes occur, notifications are sent to the account’s primary email and all active numbers, providing transparency about access changes and reducing the risk of surreptitious modification.
AT&T prepaid customers are also covered by a variant of the lock, with comparable blocking features adapted for their account structure.
When activated, Wireless Account Lock will restrict:
- Changes to billing information, authorized users, and phone numbers
- Transfers of wireless numbers to new accounts
- Device purchases or upgrades billed to the account
- SIM or eSIM swaps between devices
- Addition of new lines
Only primary and secondary account holders can manage these lock settings. Regular users on multi-line accounts are prevented from performing significant operations that could expose the account to manipulation.
On corporate plans, a Business Account Lock gives administrators granular control over which account features are restricted and for which lines.
Even with the additional feature, phone accounts remain a gateway for broader identity theft, making additional controls at the carrier level a crucial defensive layer. Experts have noted for years that two-factor authentication and “password-less” systems — such as hardware tokens, authenticator apps, and passkeys — have become routine recommendations for online safety.
In the wake of the Salt Typhoon breach that impacted accounts held by some of the most powerful government officials in the U.S., the Cybersecurity and Infrastructure Security Agency unveiled a detailed set of guidelines to safeguard mobile communications, including measures to combat SIM swapping.
You can read more about the account feature on AT&T’s website.