Fake Telecom SMS Phishing for SIM Swap — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 30, 2026

Severity: HIGH | View Full Scam Details

Beware of Fake Telecom SMS Phishing for SIM Swap in India 2026: Protect Your UPI and Aadhaar Today

In 2026, a growing number of Indian mobile users face a high-risk cybercrime where fraudsters send fake telecom SMS messages to trick them into SIM swaps, putting their UPI accounts and Aadhaar-linked services at serious risk.

What Is the Fake Telecom SMS Phishing for SIM Swap?

This scam involves fraudsters sending malicious SMS messages impersonating telecom operators to Indian subscribers. The fake messages often claim there is a problem with the user’s mobile connection, KYC (Know Your Customer) verification, or Aadhaar linking, prompting urgent action. Victims are then lured into sharing OTPs (One-Time Passwords) or sensitive details, which scammers use to request a SIM swap from the legitimate operator.

SIM swap fraud has become widespread in India, especially as mobile numbers are linked to critical financial and identity services such as UPI (Unified Payments Interface) and Aadhaar. Once the fraudsters gain control of the SIM, they can access bank OTPs, complete fraudulent transactions, or misuse Aadhaar-based services, causing severe financial loss. Authorities including CERT-In (Indian Computer Emergency Response Team) and RBI have repeatedly warned users about the spike in such phishing attempts exploiting mobile telecom services.

Given the explosive growth in online banking and digital payments in India, fraudsters see SIM swap phishing as a lucrative attack vector, resulting in a high risk score of 8/10 for victims.

How This Scam Works — Step by Step

1. Fake SMS Sent: The victim receives an SMS allegedly from their telecom provider saying their mobile number will be deactivated or their Aadhaar-related KYC needs urgent updating. The SMS usually contains a link or an instruction to call a given number.

2. Initial Contact: If the victim clicks the link or calls, they connect with fraudsters posing as telecom customer care executives. They often sound convincing and use official jargon to build trust.

3. OTP or Personal Information Request: The fraudster explains that to solve the issue, they will send an OTP to the victim’s number and ask for it. Alternatively, they may seek Aadhaar number details, date of birth, or PAN card information under the pretense of KYC.

4. SIM Swap Request: Using the gathered OTP and personal info, the fraudsters request the mobile operator to swap the victim’s number to a new SIM card controlled by them.

5. Gain Control of Mobile Number: Once the swap succeeds, the victim’s phone loses network, while the fraudsters receive all calls and OTPs on the new SIM.

6. Access UPI and Bank Accounts: With OTP access, fraudsters initiate UPI transactions from the victim’s linked bank account or reset passwords of other financial apps.

7. Financial Loss and Data Theft: Victims find fraudulent debits from their accounts and potential misuse of Aadhaar-linked services, causing both financial harm and identity theft risks.

Real Warning Signs to Watch For

• SMS messages urging immediate action on SIM or Aadhaar KYC — especially with threatening language or deadlines.

• Links in SMS that lead to unofficial websites or ask for OTPs, passwords, or Aadhaar details.

• Unexpected calls from “telecom customer service” asking to verify OTP or personal information.

• Loss of mobile network suddenly after interacting with suspicious SMS or calls.

• Requests to share OTP received on your phone for unknown reasons.

• SMS sender numbers that do not match verified telecom shortcodes.

• Receiving confirmation SMS for SIM activation/replacement you did not request.

What Happens to Victims

Victims of this scam in India suffer direct financial loss as fraudsters complete unauthorized UPI transactions. Since UPI transactions often rely on OTPs sent to the mobile number, SIM swap fraudsters easily bypass these controls. Victims struggle to reverse such payments as UPI has limited real-time reversals. Furthermore, Aadhaar details shared during the scam can be misused for identity theft, opening multiple risks including fraudulent loans or fraudulent accounts.

Emotionally, victims suffer from anxiety and loss of trust in digital payments or mobile services, compounded by the cumbersome process of regaining control over their mobile number and bank accounts. Many face long delays in SIM reactivation and bank account freezes, often losing money permanently.

What RBI and CERT-In Say

The Reserve Bank of India (RBI) and CERT-In have repeatedly issued advisories warning about increasing SIM swap fraud risks. RBI mandates banks to follow multi-factor authentication but cautions customers never to share OTPs or passwords. CERT-In advises vigilance against phishing SMS and recommends reporting suspicious messages to telecom providers and cybercrime authorities.

The National Cyber Crime Reporting Portal (cybercrime.gov.in) encourages victims to lodge complaints online for timely action. The 1930 cybercrime helpline operates throughout India to provide assistance related to SIM swap fraud and related cybercrimes.

How to Protect Yourself

1. Never Share OTPs or Passwords: Don’t share OTPs or passwords, even if the caller claims to be a bank or telecom executive.

2. Verify Telecom SMS: Confirm any suspicious telecom SMS by calling the official customer care number — not the number or link provided in the message.

3. Use Mobile Banking App Notifications: Prefer bank app notifications over SMS for transaction alerts, as these are more secure.

4. Set Up UPI PIN and Block SIM Swap Requests: Contact your telecom provider to enable extra security on SIM swap requests, where available.

5. Update Your Aadhaar and KYC Only Via Official Channels: Avoid updating Aadhaar or KYC details prompted by SMS messages; use government-verified portals or in-person centers.

6. Monitor Bank Transactions Regularly: Frequently check bank and UPI transactions to detect any unauthorized activity early.

7. Report Suspicious SMS and Calls: Save SMS with sender IDs and report to telecom operators and police cyber cells promptly.

What to Do If You've Been Targeted

• Immediately contact your telecom operator to block or deactivate the new SIM and request SIM re-activation on your original number.

• Change all online banking and UPI passwords urgently, and inform your bank to freeze debits temporarily.

• Lodge a complaint on the National Cyber Crime Reporting Portal (cybercrime.gov.in) or call the 1930 cybercrime helpline.

• File a police complaint at the nearest cybercrime cell with proof of fraudulent transactions and suspected phishing SMS.

• Inform your bank about the unauthorized transactions and follow their procedure for dispute resolution; keep all communication documented.

• Monitor Aadhaar-related services for suspicious activity and consider placing an alert on your Aadhaar account.

Frequently Asked Questions

Q: Can I get my money back if a SIM swap scam causes unauthorized UPI transactions?
A: Recovery depends on bank policies and the investigation outcome. RBI guidelines encourage banks to assist victims, but success varies. Reporting quickly improves chances of recovery.

Q: How do fraudsters use my Aadhaar in a SIM swap scam?
A: Fraudsters may trick you into sharing Aadhaar and related details, which they misuse for KYC fraud, opening fake accounts, or accessing government benefits illegally.

Q: What is the 1930 helpline, and how can it help me?
A: The 1930 helpline is India’s national cybercrime reporting number. Victims can call to report cybercrimes, get guidance on filing complaints, and receive support for fraud resolution.

Protect yourself from fake telecom SMS phishing scams by staying alert and verifying any suspicious messages or calls. Always cross-check before sharing OTPs or Aadhaar details. Visit BharatSecure.app to verify messages and report fraud through the 1930 helpline.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.