How to Monitor Your SMS for Identity Theft Activity
One morning, you wake up to three text messages you didn't request:
"Your verification code for Chase is 847291"
"Wells Fargo: A new device is attempting to sign in. If this wasn't you, call..."
"Your Amazon password has been reset. If you didn't request this..."
You didn't request any of those codes. Someone else did. They have your logins, and now they're trying to get past 2FA — and those codes are landing on your phone.
This is identity theft in progress. Right now. And most people miss the warning signs because text messages pile up and get dismissed as spam.
Here's how to set up an early warning system that catches unauthorized access attempts the moment they happen — not three months later when the credit card bill arrives.
How Identity Thieves Use Your SMS
The anatomy of an SMS-based identity theft attack:
Attacker has your password (from a data breach)
↓
Attacker tries to log in to your bank/email/Amazon
↓
Service sends 2FA code to YOUR phone number
↓
Attacker uses SIM swap, SS7 exploit, or social engineering to intercept or redirect the code
↓
If they get the code → Account compromised
If they don't → They try again later
The key insight: Every SMS verification code you receive that you didn't request is proof that someone is actively trying to break into your account. These texts are warning signals — and most people ignore them.
The Warning Signs in Your Text Messages
| Text Message You Receive | What It Means |
|---|---|
| 2FA codes you didn't request | Someone has your password and is trying to log in |
| "New device sign-in" alerts | Someone is accessing your account from an unknown device |
| Password reset confirmations | Someone is trying to lock you out by changing your password |
| Account activation texts | Someone opened a new account using your identity |
| "Suspicious activity" alerts from your bank | Unauthorized transactions are happening |
| Verification codes from services you don't use | Someone created accounts using your phone number |
| "Your number has been transferred" from carrier | SIM SWAP IN PROGRESS — act immediately |
The problem: these texts arrive at random hours, get buried under group chats and delivery notifications, and you don't notice the pattern until it's too late.
The Setup: SMS-to-Email Early Warning System
All incoming SMS → Your iPhone → SMS to Email Forwarder
↓
[email protected]
↓
Gmail filters + alerts
↓
Push notifications for suspicious patterns
Step 1: Create a Security Monitoring Email
Set up a dedicated inbox for SMS monitoring:
- [email protected]
- Or add a label filter on your existing email
This inbox will receive ALL your SMS. You won't read them all — you'll let Gmail filters surface the important ones.
Step 2: Install SMS to Email Forwarder
Download SMS to Email Forwarder.
- Enter your security monitoring email
- Complete the Shortcuts setup
- Every incoming SMS now flows to your monitoring inbox
Step 3: Configure Gmail Filters for Auto-Detection
This is where the magic happens. Set up filters that flag suspicious texts:
| Gmail Filter | Label | Notification |
|---|---|---|
| Body contains "verification code" OR "security code" OR "OTP" | 🔐 Auth Code | ⭐ Star |
| Body contains "new device" OR "new sign-in" OR "unrecognized" | 🚨 New Access | Push notification |
| Body contains "password reset" OR "password changed" | 🚨 Password Change | Push notification |
| Body contains "SIM" OR "transferred" OR "ported" | 🔴 SIM SWAP | Push + email to backup |
| Body contains ("account" AND "opened") OR "welcome to" | ⚠️ New Account | Star |
| Body contains "suspicious" OR "fraud" OR "unauthorized" | 🚨 Fraud Alert | Push notification |
| All other forwarded SMS | Archive | No notification |
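The Step 3 filter rules, written out as offline matching logic so they can be checked against sample texts before relying on them (an added example, not part of the app or the original guide). It assumes quoted terms match as whole words and consecutive phrases; the severity ordering and the last two sample messages are constructed for the example.

```python
import re

# Rules transcribed from the Step 3 table. A string is a phrase (consecutive
# words); a tuple means every phrase in it must appear. The severity order
# (most urgent first) is an assumption of this example, not from the guide.
RULES = [
    ("SIM SWAP",        ["SIM", "transferred", "ported"]),
    ("Fraud Alert",     ["suspicious", "fraud", "unauthorized"]),
    ("Password Change", ["password reset", "password changed"]),
    ("New Access",      ["new device", "new sign-in", "unrecognized"]),
    ("New Account",     [("account", "opened"), "welcome to"]),
    ("Auth Code",       ["verification code", "security code", "OTP"]),
]
PUSH_LABELS = {"SIM SWAP", "Fraud Alert", "Password Change", "New Access"}

def tokens(text):
    """Lower-case word tokens, so 'SIM' cannot match inside 'similar'."""
    return re.findall(r"[a-z0-9]+", text.lower())

def has_phrase(words, phrase):
    """True if the phrase's words occur consecutively in the message."""
    p = tokens(phrase)
    return any(words[i:i + len(p)] == p for i in range(len(words) - len(p) + 1))

def classify(body):
    """Return every matching label, most urgent first, or ['Archive']."""
    words = tokens(body)
    labels = []
    for label, alternatives in RULES:
        for alt in alternatives:
            parts = alt if isinstance(alt, tuple) else (alt,)
            if all(has_phrase(words, part) for part in parts):
                labels.append(label)
                break
    return labels or ["Archive"]

def needs_push(labels):
    return any(label in PUSH_LABELS for label in labels)

# The first three texts are the ones quoted at the top of the guide;
# the last two are constructed for this example.
SAMPLES = [
    "Your verification code for Chase is 847291",
    "Wells Fargo: A new device is attempting to sign in. If this wasn't you, call...",
    "Your Amazon password has been reset. If you didn't request this...",
    "Carrier notice: your number has been transferred to a new SIM",
    "Your $50.00 was transferred to savings",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        labels = classify(sms)
        print(f"{'PUSH' if needs_push(labels) else 'quiet':5} {labels} <- {sms}")
```

Run against the guide's own opening texts, the "password has been reset" message falls through to Archive because it never contains the exact phrase "password reset", and an ordinary bank transfer notice trips the SIM SWAP rule on the word "transferred". Adding phrases such as "has been reset" and narrowing the SIM rule to carrier wording closes both gaps.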
Step 4: Set Up a Weekly Review
Every Sunday, open the monitoring inbox and scan the labeled emails:
- 🔐 Auth Code — Did you request all of these? If any are unrequested, that account's password is compromised.
- 🚨 New Access — Do you recognize all the sign-ins? If not, secure that account immediately.
- ⚠️ New Account — Are there welcome messages from services you never signed up for?
The Response Playbook
If You See Unrequested 2FA Codes
| Urgency | Action |
|---|---|
| Immediate | Change the password for that service RIGHT NOW |
| Within 1 hour | Enable a stronger 2FA method (authenticator app, hardware key) |
| Within 24 hours | Check HaveIBeenPwned.com for your email — your credentials are likely in a breach database |
| Within 1 week | Change passwords on all accounts that used the same password (yes, really) |
If You See "New Device Sign-In" You Didn't Authorize
- Log into the service immediately
- Go to Security → Active Sessions → Revoke all sessions except your current one
- Change password
- Enable authenticator-based 2FA (not SMS-based)
- Check for email forwarding rules the attacker may have set up
- Review any recent transactions or changes
If You See "SIM Transferred" or "Number Ported"
This is a SIM swap attack. You have minutes, not hours.
- Call your carrier immediately from a different phone
- Report the unauthorized port/transfer
- Request a SIM lock / port freeze
- Change passwords on all financial accounts
- Contact your bank and freeze transactions
- File a police report
- File with the FTC: identitytheft.gov
If You See Accounts You Never Opened
Someone is using your identity to create accounts:
- Contact the service's fraud department
- Request account closure and fraud flag
- Place a fraud alert on your credit reports (all three bureaus)
- Consider a credit freeze
- File an identity theft report with the FTC
Building Your Identity Theft Detection Timeline
The email archive creates a forensic timeline that's invaluable for:
Insurance Claims
If your identity is stolen and you suffer financial loss, the email archive proves:
- When the first unauthorized access attempt occurred
- That you took action as soon as you noticed
- The pattern and frequency of attacks
- Which accounts were targeted
Law Enforcement
When filing a police report or working with the FBI's IC3:
- Export the filtered emails as PDF
- The timeline shows organized, systematic access attempts
- Timestamps and phone numbers provide investigative leads
Credit Bureau Disputes
When disputing fraudulent accounts:
- Show the "welcome" and "verification" texts from accounts you didn't create
- Demonstrate that your phone number was used without your authorization
- The continuous archive proves you weren't the one creating the accounts
Long-Term Identity Protection Stack
SMS monitoring is one layer. Here's the full stack:
| Layer | Tool | Purpose |
|---|---|---|
| SMS monitoring | SMS to Email Forwarder (this guide) | Catches real-time attack attempts |
| Breach monitoring | HaveIBeenPwned alerts | Notifies you when credentials appear in breaches |
| Credit monitoring | Credit Karma (free) | Alerts for new accounts, hard inquiries |
| Credit freeze | Equifax, Experian, TransUnion | Prevents new credit accounts entirely |
| Password manager | Bitwarden (free) or 1Password | Unique passwords for every account |
| Authenticator app | Authy or Google Authenticator | Stronger 2FA than SMS |
| SIM lock | Your carrier | Prevents unauthorized number ports |
SMS monitoring is the earliest warning system in this stack — it catches attack attempts before they succeed, while other tools only detect damage after it's done.
Don't Wait for the Fraudulent Credit Card Bill
Most identity theft victims discover the theft 3-6 months after it starts. By then, the damage is extensive: fraudulent accounts, damaged credit score, hours on the phone with banks and credit bureaus.
SMS monitoring cuts that detection time to minutes. The unrequested verification code at 3 AM isn't spam — it's a warning. The "new device" alert you almost dismissed isn't a glitch — it's an intruder.
Your text messages are telling you someone is coming for your accounts. You just need a system that makes sure you actually hear them.
Catch identity theft before it starts.
Download SMS to Email Forwarder — turn your incoming texts into an early warning system.