KYC/E-SIM Fraud Hijacking Mobile Numbers — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team ·

Severity: CRITICAL | View Full Scam Details

🛡️ Want to check if you've received this scam?

Check This Scam on BharatSecure →

KYC/E-SIM Fraud Hijacking Mobile Numbers in India (2026): A Rising Threat to Your UPI Security

Mobile number hijacking through KYC and e-SIM fraud is becoming a serious cybercrime in India, putting UPI transactions and personal data at high risk.

What Is the KYC/E-SIM Fraud Hijacking Mobile Numbers?

KYC/E-SIM fraud hijacking mobile numbers is a type of scam where fraudsters take over your mobile number by bypassing the telecom KYC (Know Your Customer) process or by illegitimately issuing an e-SIM on your number. Once they gain control of your mobile number, they can intercept One-Time Passwords (OTPs) and reset credentials linked to your UPI apps, bank accounts, and even Aadhaar-based services.

This scam mostly targets people who have limited digital literacy or are unaware of recent changes in telecom regulations, especially the introduction of e-SIM technology that allows users to activate mobile service without a physical SIM card. Reports to Indian cybercrime authorities, including CERT-In and I4C, indicate a sharp rise in such cases since late 2025, with some victims losing lakhs of rupees via unauthorized UPI payments.

The Reserve Bank of India (RBI) and CERT-In have issued broad warnings to the public about protective measures but have yet to release targeted advisories specifically about e-SIM hijacking fraud. However, these scams are categorized under severe cyber frauds affecting UPI and mobile banking security.

How This Scam Works — Step by Step

  1. Initial Contact: The fraudster calls or sends an SMS/text message impersonating a telecom service provider’s customer support. The contact often appears to come from a spoofed number that looks similar to genuine telecom helpline numbers.

  2. Creating Urgency: The scammer tells the victim there is an urgent issue, such as SIM suspension, fraudulent activity detected, or urgent KYC verification needed — otherwise the mobile number or services will be blocked.

  3. Extracting Personal Details: To "verify" identity, the caller requests sensitive personal data like Aadhaar number, date of birth, and mobile number. Sometimes, they ask to confirm OTPs purportedly sent to the mobile number.

  4. Initiating KYC or e-SIM Activation: Using the gathered data and OTPs, the fraudster fraudulently requests a KYC update or activates an e-SIM on their device, effectively transferring the victim’s mobile number to their possession.

  5. Taking Control of UPI and Bank Accounts: With control of the mobile number, the scammer can intercept all OTPs sent for banking transactions via UPI, reset passwords, and make unauthorized payments.

  6. Draining Funds: UPI transactions occur seamlessly since the original SIM is deactivated, leaving the victim unaware until large withdrawals or transactions appear on their bank statements.

Real Warning Signs to Watch For

What Happens to Victims

Victims of KYC/e-SIM hijacking often face severe financial losses as scamsters use their mobile identity to approve unauthorized UPI payments. Since many rural and urban Indians use UPI for daily transactions, these losses can range from a few thousand rupees to lakhs.

Emotionally, victims report distress and helplessness, especially since such fraud also compromises their Aadhaar-linked services, which may affect government subsidies or other welfare schemes. The victim’s mobile number being hijacked also causes loss of access to WhatsApp and other essential communication apps, further complicating recovery.

UPI’s instant payment feature makes it difficult to reverse transactions once completed, despite RBI guidelines on dispute resolution. This leaves many victims reliant on police intervention to track and possibly freeze funds, adding time and frustration.

What RBI and CERT-In Say

The Reserve Bank of India (RBI) regularly updates users about secure UPI transaction practices but has emphasized in circulars that users should never share OTPs or bank credentials. RBI’s grievance helpline and complaint mechanism can be accessed through the banking ombudsman and their website.

CERT-In (Indian Computer Emergency Response Team) has issued advisories warning about social engineering fraud via calls and SMS, urging users to verify the authenticity of communications from telecom providers and banks.

The Ministry of Home Affairs supports reporting such cybercrimes on the national cybercrime portal (cybercrime.gov.in) and uses the 1930 helpline for immediate assistance.

How to Protect Yourself

  1. Do Not Share OTPs or Aadhaar Details: Genuine telecom providers or banks never ask for OTP or Aadhaar details over phone calls or messages.

  2. Verify Caller Identity: If called claiming to be from your telecom operator, hang up and call back on official numbers listed on the provider’s website.

  3. Use Telecom Provider Apps: Manage SIM and e-SIM requests only via verified official apps or websites, never through unknown links or calls.

  4. Set UPI Transaction Limits: Use app features to lower daily UPI transaction limits and enable app-based notifications for every transaction.

  5. Enable Mobile Number Lock: Some telecom companies offer extra PIN/password options on SIM services to avoid unauthorized changes.

  6. Keep Your Aadhaar KYC Updated Carefully: Avoid sharing Aadhaar or biometric details casually and regularly check Aadhaar-linked services for anomalies.

  7. Monitor Bank Alerts Instantly: Promptly act on any suspicious bank or UPI transaction alert by contacting the bank immediately.

What to Do If You’ve Been Targeted

  1. Immediately Contact Your Telecom Provider: Inform them of unauthorized SIM or e-SIM activation and request immediate blocking or locking of the number.

  2. Freeze Your Bank Accounts: Ask your bank or UPI app provider to temporarily freeze transactions and change UPI PINs.

  3. File a Complaint on the National Cybercrime Portal: Report the incident at cybercrime.gov.in, including details of the fraud and any communication from the scammer.

  4. Call 1930 Cybercrime Helpline: Seek guidance and assistance to escalate the matter to police and cyber law enforcement.

  5. Inform RBI and Bank Ombudsman: File a complaint with banking authorities if unauthorized transactions took place to start grievance redressal.

  6. Change Passwords and Enable 2FA: Update related email and Aadhaar account passwords and enable two-factor authentication wherever possible.

Frequently Asked Questions

Q1: Can my mobile number be recovered after an e-SIM hijack?
Yes, you can recover your mobile number by contacting the telecom service provider urgently to disable the fraudulent SIM/e-SIM and reissue your number after proper KYC verification. Acting quickly reduces further damage.

Q2: Are OTPs sent on my mobile number safe during such a scam?
No, once a fraudster hijacks your mobile number, all OTPs will be received by them, which compromises your bank account and UPI transaction security.

Q3: How do I know if my number is compromised by such fraud?
Signs include sudden loss of mobile network, no incoming calls, unusual transaction alerts from your bank, or receiving messages about new SIM/e-SIM activation you didn’t request.

If you receive suspicious calls or messages about KYC or e-SIM on your mobile number, verify and protect yourself immediately. Remember, BharatSecure.app can help you verify suspicious communications, and you can report fraud to the 1930 cybercrime helpline.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.

Related Scams in Our Database

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app.