Phishing-Enabled Telecom Account Hijack — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 29, 2026

Severity: HIGH | View Full Scam Details

Phishing-Enabled Telecom Account Hijack Scam in India 2026: Stay Alert to Protect Your UPI & Aadhaar

Phishing-enabled telecom account hijack is a rising cybercrime threat in India, putting your mobile number, UPI, and KYC details at serious risk.

What Is the Phishing-Enabled Telecom Account Hijack?

This scam involves fraudsters using phishing tactics to take over your mobile phone number through a SIM swap or account modification — allowing them full control of your telecom services. Once your SIM or mobile account is hijacked, they use it to access financial apps, UPI wallets, and services that rely on your mobile number for authentication. This type of fraud exploits the strong link between your mobile number, Aadhaar-based KYC, and banking services in India.

Telecom victims are often everyday mobile users who receive calls or messages that seem to be from their network operator, bank, or government agency. These messages use emotional triggers like urgency, fear of losing service, or legal threats to bait you into sharing personal details, OTPs, or consent to SIM swaps. According to reports received by Indian cybercrime cells, the scam is spreading fast, especially through WhatsApp and social media platforms, as scammers impersonate customer care or official entities. The Indian Computer Emergency Response Team (CERT-In) and the Reserve Bank of India (RBI) have issued general warnings about SIM swap and phishing fraud, highlighting the growing need for vigilance.

How This Scam Works — Step by Step

1. Initial Contact: You receive a message or call on WhatsApp, SMS, or phone from someone pretending to be your telecom operator, bank, or even an official agency like UIDAI (Aadhaar). The message may claim your SIM is at risk of being blocked or your Aadhaar/KYC needs urgent verification.

2. Creating Urgency: The caller insists action is required immediately to protect your account from fraud or suspension. They may say, "Your account will be locked in 10 minutes if you do not verify," creating panic.

3. Phishing for Details: You are asked to share sensitive information like full name, date of birth, Aadhaar or PAN details, or one-time passwords (OTPs). Sometimes, they might send a fake link mimicking your bank or telecom provider’s website asking you to enter login credentials.

4. SIM Swap or Mobile Account Hijack: Using the details you gave, the scammer convinces the mobile operator's customer service (either via social engineering or insider access) to issue a new SIM card for your phone number. This deactivates your original SIM and transfers your mobile number to the attacker.

5. Account Takeover: With control over your SIM, scammers intercept OTPs sent via SMS. They access your UPI apps and bank accounts linked to that number, transferring funds or making unauthorized transactions.

6. Further Exploitation: The fraudster may also tamper with your Aadhaar-linked mobile number or use your KYC to open fraudulent financial accounts or loan apps.

Real Warning Signs to Watch For

• Unexpected calls or WhatsApp messages claiming to be from your mobile operator or bank asking for OTPs or personal info.
• Messages pressuring you to act urgently, threatening suspension or legal action.
• Requests to share Aadhaar, PAN, or bank details over phone or chat.
• Links that look like your bank or telecom website but have spelling errors or unusual URLs.
• Notifications that your SIM or mobile number has been deactivated or registered on another device without your action.
• Receiving OTPs or transaction alerts on your phone that you did not initiate.
• Sudden loss of mobile network or inability to make calls despite phone being active.

What Happens to Victims

For victims, the financial damage can be significant. Once scammers have control of the mobile number, they can authenticate UPI transactions, siphoning off amounts ranging from a few thousand to lakhs of rupees directly from bank accounts. The victims face hurdles in reversing UPI payments since RBI rules generally do not allow reversal unless proven fraud is reported quickly. Aadhaar misuse can add another layer of trouble, as scammers use the victim’s identity to open fraudulent accounts, obtain loans, or commit other financial crimes, leading to long-term complications.

Emotional distress is high among victims, with many feeling vulnerable due to loss of privacy and control over their mobile-linked services. Reports to cybercrime police and telecom grievance cells have increased sharply, reflecting how disruptive this scam is becoming.

What RBI and CERT-In Say

The Reserve Bank of India has repeatedly advised users to never share OTPs, passwords, or personal information with anyone, even if the caller claims to be from your bank or telecom provider. RBI’s guidelines emphasize verifying the authenticity of all calls and messages before responding.

CERT-In, India’s official cyber incident response agency, warns about SIM swap fraud and phishing scams targeting telecom customers. It urges mobile users to register for Mobile Number Portability (MNP) carefully and to alert their telecom provider immediately if suspicious activity is noticed. The National Cybercrime Reporting Portal (cybercrime.gov.in) recommends reporting frauds promptly on their platform. The 1930 cybercrime helpline is also available for support related to these incidents.

How to Protect Yourself

1. Never share OTPs or personal identification information over phone calls or WhatsApp chats.
2. Verify the identity of callers by independently contacting your telecom operator or bank using official helpline numbers.
3. Avoid clicking links in unsolicited messages; type URLs directly or use official apps.
4. Use multi-factor authentication (MFA) carefully, preferring app-based authenticators over SMS OTP where possible.
5. Regularly check your mobile number’s status with your telecom provider; report any unexpected SIM deactivation immediately.
6. Register your mobile number with the Do Not Disturb (DND) registry to reduce spam calls.
7. Keep your Aadhaar details confidential and avoid linking it indiscriminately unless necessary.

What to Do If You’ve Been Targeted

• Immediately contact your telecom operator to block or port your SIM, and request a freeze on your number.
• Report the incident to your bank’s fraud department and freeze all online banking activities.
• File a complaint on the National Cybercrime Reporting Portal at cybercrime.gov.in.
• Call the 1930 cybercrime helpline for assistance with filing FIRs or understanding next steps.
• Promptly change passwords and PINs for all financial services linked to your mobile number.
• Inform UIDAI if you suspect Aadhaar misuse.

Frequently Asked Questions

Q: How does a scammer convince my telecom operator to swap my SIM?
The caller uses social engineering tactics, pretending to be you or a trusted official, sometimes quoting personal info from phishing to manipulate customer care into authorizing the swap.

Q: Can I recover money lost from UPI transactions after a SIM hijack?
RBI guidelines allow you to request refunds, but quick reporting and evidence are vital. Delays reduce chances of reversal, so immediately inform your bank and report fraud.

Q: Is it safe to link Aadhaar with my mobile or bank account?
While Aadhaar-based KYC is common, always limit sharing to trusted entities, and avoid disclosing Aadhaar details over phone or social media channels. Be alert to any unusual requests.

If you receive suspicious messages or calls asking for personal or OTP details, verify with BharatSecure.app and report scams at the 1930 cybercrime helpline immediately.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.