Cambodian SIM & Phishing Racket — How to Identify & Stay Safe

Severity: CRITICAL | View Full Scam Details

Cambodian SIM & Phishing Racket: Why Indian Numbers Are Being Used From Cambodia

Cross-border cybercrime is evolving fast, and one of the most dangerous trends affecting Indians is the Cambodian SIM & Phishing Racket. In this scam ecosystem, Indian SIM cards are sourced in India and then operated from scam hubs in Cambodia (and nearby regions). The result: victims receive calls and messages from what appear to be normal Indian mobile numbers, but the people controlling them are overseas—running phishing, account takeovers, and extortion.

This matters because trust is the scammer’s biggest weapon. When a caller ID looks “Indian,” many people lower their guard, share OTPs, or comply with threats. Understanding how the scam works—and how SIM cards get into the wrong hands—can help you protect yourself and your family.

---

What is Cambodian SIM & Phishing Racket?

The Cambodian SIM & Phishing Racket is a cross-border cybercrime pattern where Indian mobile SIMs are trafficked or misused and then used from Cambodia to:

• Phish banking or UPI credentials
• Steal OTPs to take over accounts (banking, WhatsApp, email)
• Impersonate officials or customer care
• Run intimidation and extortion operations

Victims often report that the call sounds suspiciously “international” or has unusual background noise, yet the number appears to be a regular Indian mobile number.

---

How does it work?

SIM sourcing and “commission” traps

A common entry point is a SIM buy/sell or “easy commission” pitch. Someone offers money for:

• Buying SIM cards in your name
• Selling your unused SIM
• “Renting” your SIM for a short period
• Sharing KYC documents to “activate” SIMs

Once a SIM is out of your control, it can be used as a tool for crime. In many cases, SIMs are collected through local agents, and then moved into larger networks.

Activation, routing, and scam operations

After collecting SIMs, criminals may:

• Insert them into devices and run call/message campaigns
• Use software/telephony tools to automate dialing
• Use messaging to deliver malicious links or social engineering scripts

From the victim’s perspective, it feels like a domestic scam attempt. From the criminal’s perspective, it’s safer: they can target India while operating from abroad.

What scammers typically do with these SIMs

Common scam outcomes include:

1. Banking/UPI phishing: Fake KYC updates, blocked account warnings, “refund pending” messages.

2. WhatsApp takeover: The victim is tricked into sharing an OTP; the attacker registers WhatsApp on a new device.

3. Extortion and intimidation: Threat calls, fake legal/police claims, or personal-data based pressure.

4. Customer-care impersonation: “Your SIM will be blocked,” “Your parcel is seized,” “Your loan is overdue.”

---

Red flags to watch for

Suspicious calling patterns

• Calls from an Indian number but with foreign-sounding line quality, odd delays, or unusual background noise
• The caller’s story doesn’t match your city, operator, or recent activity
• Repeated missed calls from unknown numbers followed by urgent demands

Social engineering pressure

• Urgency: “Do it now or your account will be blocked.”
• Fear: Threats of police, legal action, or account freeze.
• Greed: Offers to buy/sell SIM cards for “commission.”

Credential and KYC traps

• Requests for OTP, UPI PIN, banking password
• Requests for Aadhaar/PAN photos or screen-sharing
• Links to fake “KYC update” pages

---

How to protect yourself

1) Never sell, rent, or “lend” your SIM

Your SIM is an identity token. If it’s misused, it can pull you into investigations or cause reputational damage. If you have spare SIMs, deactivate them properly through your telecom operator.

2) Treat OTP/UPI PIN as non-shareable

• No legitimate bank or app will ask for your OTP or UPI PIN.
• Never read OTPs aloud on calls.
• Don’t enter OTPs on pages reached via unknown links.

3) Reduce attack surface

• Enable 2-factor authentication where possible.
• Lock SIM with a SIM PIN (if supported).
• Keep WhatsApp/email recovery options updated.

4) Verify before you act

If someone claims to be from your bank, courier, telecom, or police:

• Hang up.
• Call back using the official number from the website/app, not the number that contacted you.

5) If you suspect your SIM/WhatsApp is compromised

• Contact your telecom provider immediately to confirm SIM status.
• Secure email and banking apps (change passwords, revoke sessions).
• Inform friends/family if WhatsApp is taken over.

---

How to report in India

If you’re targeted or you’ve lost money, act quickly:

1. Call 1930 (National Cyber Crime Helpline) as soon as possible.

2. File a report at https://cybercrime.gov.in/ with all evidence.

3. Inform your bank/UPI app immediately and request transaction reversal/hold (time matters).

4. Preserve evidence: screenshots, call recordings (if available), numbers, timestamps, URLs, and chats.

If the scam involves SIM misuse, also raise a complaint with your telecom operator and request deactivation or investigation.

---

FAQ

What is Cambodian SIM & Phishing Racket?

It’s a cross-border scam pattern where Indian SIM cards are trafficked or misused and then operated from Cambodia to run phishing, account takeovers, and extortion—making scams look like they’re coming from Indian numbers.

How does it work?

SIMs are obtained through “commission” offers or identity misuse, moved into criminal networks, and used to call/message Indian victims for OTP theft, fake KYC, WhatsApp takeover, or intimidation.

How to protect?

Never sell/rent your SIM, never share OTP/UPI PIN, verify callers via official channels, avoid unknown links, and enable strong account security (2FA, secure recovery settings).

How to report in India?

Call 1930, report at cybercrime.gov.in, notify your bank/app immediately, and share all evidence. Also contact your telecom operator if your SIM is involved.

---

Check any suspicious message free at bharatsecure.app.