Port Hacking / Port-Out Fraud — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 27, 2026

Severity: HIGH | View Full Scam Details

Port Hacking / Port-Out Fraud in India 2026: Protect Your Mobile Number from Cyber Theft

Port hacking, also known as port-out fraud, is a growing cybercrime threat in India in 2026 that targets your mobile number to hijack your banking, UPI, and Aadhaar accounts.

What Is the Port Hacking / Port-Out Fraud?

Port hacking or port-out fraud exploits India’s mobile number portability system (MNP), a service designed to let users keep their mobile number when switching network providers. Fraudsters take advantage of this feature by illegally transferring your mobile number to a new SIM under their control. Once they have your number, they can intercept One-Time Passwords (OTPs) sent via SMS or calls, which are used to secure financial transactions and other sensitive services.

This scam mainly targets mobile users with linked financial and digital identity accounts—especially those using UPI apps, Aadhaar-based services, and WhatsApp for communication and authentication. With over one billion mobile connections in India, the scale of this fraud is rising, and cases reported to police and cybercrime agencies have increased sharply in recent years.

The Indian government and cybersecurity bodies such as CERT-In (Indian Computer Emergency Response Team) and the Indian Cyber Crime Coordination Centre (I4C) have issued advisories asking telecom operators to tighten port-out verification processes. The Reserve Bank of India (RBI) also warns customers about potential losses resulting from SIM swap frauds, urging vigilance around mobile number security.

How This Scam Works — Step by Step

1. Data Collection by Fraudsters: Scammers start by collecting your personal details like your full name, date of birth, mobile number, and even your Aadhaar or PAN details. This is done through phishing emails, data breaches, or social engineering calls.

2. Initiating a Port-Out Request: Using your stolen details, fraudsters call your mobile operator’s customer service, impersonating you. They request to port your number to a new SIM card that they control, often providing fake identity proof.

3. Mobile Number Transferred: Once the operator processes the port-out request, your original SIM stops working and the new SIM starts receiving all calls and SMS messages meant for you.

4. Intercepting OTPs and Messages: Since your number now belongs to the fraudster, all OTPs from your bank, UPI app, Aadhaar services, and WhatsApp verifications come to them.

5. Account Takeover and Financial Theft: Using the intercepted OTPs, fraudsters reset your online banking passwords, transfer money through UPI to their accounts, or take over your WhatsApp and other linked accounts. Victims often realise the fraud too late.

Real Warning Signs to Watch For

• Unexpected loss of mobile network or sudden "No Service" message on your phone.
• Receiving alerts or SMS about a SIM or port-out request that you did not initiate.
• Calls or messages from your telecom operator asking to verify port-out requests.
• Failure to receive OTPs during online banking or important transactions.
• Receiving notifications of UPI transactions or bank alerts you did not initiate.
• WhatsApp showing “This phone number is no longer registered”, or logging you out unexpectedly.
• Calls or messages from unknown numbers claiming to be from your bank or telecom but pushing urgent actions.

What Happens to Victims

Victims of port hacking face both financial and emotional consequences. Financially, money can be drained from bank accounts via UPI transactions authorised through OTPs intercepted by fraudsters. Immediate reversals are often not possible because these transactions are authenticated with valid OTPs.

Emotionally, victims experience loss of control over their digital identities. Access to Aadhaar-linked services, WhatsApp messaging, and other communication channels may be blocked or misused for further frauds. It can take weeks or months to regain control and repair credit reputations. In rural or semi-urban India, where digital literacy is still growing, victims are particularly vulnerable to long-term harm and may hesitate to report the crime.

What RBI and CERT-In Say

The Reserve Bank of India regularly issues warnings advising customers to secure their mobile numbers and beware of SIM swap frauds. RBI mandates that banks verify customer identity through additional factors beyond just OTPs where possible.

CERT-In emphasizes keeping personal data private and cautions against sharing OTPs or personal documents over calls or messages. It recommends promptly reporting any suspicious port-out activity to telecom operators and cybercrime authorities.

The Indian Cyber Crime Coordination Centre (I4C) operates the nationwide 1930 cybercrime helpline where citizens can report incidents related to SIM swap and port-out frauds.

Telecom operators in India are bound by the Telecom Regulatory Authority of India (TRAI) guidelines to perform strict e-KYC validation before processing MNP requests.

How to Protect Yourself

1. Use a Strong Mobile Network PIN or Password: Ask your telecom operator to set a special PIN that must be provided before any SIM-related request.

2. Enable Multi-Factor Authentication (MFA): Wherever possible, enable MFA on your bank and online accounts that goes beyond OTP via SMS.

3. Avoid Sharing Personal Information: Never share OTPs, Aadhaar, PAN, or bank details over phone or SMS unless you initiated a secure process.

4. Monitor Mobile Service Regularly: If your phone suddenly loses network connectivity, call your operator immediately before using alternative communication channels.

5. Register for Do Not Disturb (DND) Services: This limits unsolicited calls and phishing attempts.

6. Set Up Alerts for Mobile Number or UPI Transaction Changes: Use bank apps or telecom portals to get notified quickly about changes.

7. Use Virtual Private Network (VPN) and Updated Antivirus on Devices: To reduce the risk of malware and phishing attacks.

What to Do If You've Been Targeted

• Immediately contact your mobile operator to report unauthorized port-out or SIM swap and request a freeze or block on your number.

• Change passwords and security questions on all linked financial and social media accounts.

• Report the incident to cybercrime.gov.in and call the 1930 cybercrime helpline for assistance.

• Inform your bank and UPI provider about the fraud and request freezing of linked accounts and transactions.

• File a First Information Report (FIR) with your local police station detailing the suspected port hacking event.

• Keep all communication and complaint acknowledgements as evidence.

Early reporting is critical to limiting financial loss and recovering accounts.

Frequently Asked Questions

Q1: Can port hacking happen without my knowledge?
Yes, fraudsters use stolen personal data to impersonate you and request SIM porting from your operator without your consent.

Q2: How soon will I realize my number is ported out?
You may notice loss of network on your phone or suddenly stop receiving calls and messages. It can happen within minutes of the fraudster’s request.

Q3: Can I recover money lost due to port-out fraud?
Recovery depends on how quickly you report the fraud to banks and telecom operators. RBI guidelines encourage banks to reverse unauthorised transactions if reported timely.

Be vigilant, protect your mobile number as you would cash, and verify suspicious messages at BharatSecure.app. Report any suspected fraud immediately to the 1930 cybercrime helpline.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.