I am amazed that Lebara Accounts are not authenticated using 2FA, and will have to leave Lebara if they don't tighten account security.
I recently received a phone call that turned out to be a SIM swap scam. A SIM‑swap attack occurs when criminals convince a mobile network to transfer your number to a SIM they control. Once they have your number, they can intercept bank one‑time passcodes, reset email passwords, and take over financial and social accounts.
UK fraud‑prevention service Cifas reported SIM‑swap attacks rising 38% year‑on‑year, driven by criminals exploiting SMS‑based authentication.
The moment the swap happens, your phone loses service — and the attacker receives all calls and texts.
Across multiple independent reports, Lebara is repeatedly cited as a network with weak identity‑verification procedures and no 2FA for SIM‑swap requests.
Lebara customers report that SIM swaps can be performed instantly, with no verification text, no email confirmation, and no second‑factor challenge. This means a criminal who gains access to your email — or who can socially engineer support staff — can trigger a swap without your knowledge.
Which? documented a case where scammers repeatedly failed Lebara’s ID checks (wrong address, wrong password, incorrect frequently‑dialled number), yet Lebara still processed account changes and ultimately a SIM swap. This enabled attackers to drain £3,500 from the victim’s accounts.
I recently received a phone call that turned out to be a SIM swap scam. A SIM‑swap attack occurs when criminals convince a mobile network to transfer your number to a SIM they control. Once they have your number, they can intercept bank one‑time passcodes, reset email passwords, and take over financial and social accounts.
UK fraud‑prevention service Cifas reported SIM‑swap attacks rising 38% year‑on‑year, driven by criminals exploiting SMS‑based authentication.
The moment the swap happens, your phone loses service — and the attacker receives all calls and texts.
Across multiple independent reports, Lebara is repeatedly cited as a network with weak identity‑verification procedures and no 2FA for SIM‑swap requests.
Lebara customers report that SIM swaps can be performed instantly, with no verification text, no email confirmation, and no second‑factor challenge. This means a criminal who gains access to your email — or who can socially engineer support staff — can trigger a swap without your knowledge.
Which? documented a case where scammers repeatedly failed Lebara’s ID checks (wrong address, wrong password, incorrect frequently‑dialled number), yet Lebara still processed account changes and ultimately a SIM swap. This enabled attackers to drain £3,500 from the victim’s accounts.
