Retailer-Based SIM Swap Using Leaked Data — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 30, 2026

Severity: CRITICAL | View Full Scam Details

Retailer-Based SIM Swap Using Leaked Data in India 2026: A Critical UPI and OTP Fraud Alert

Retailers in India may unknowingly aid fraudsters in SIM swap scams using leaked personal data, putting your UPI payments, Aadhaar, and bank accounts at severe risk.

What Is the Retailer-Based SIM Swap Using Leaked Data?

The retailer-based SIM swap scam leverages leaked personal information to hijack mobile numbers via India's telecom retail outlets. Fraudsters use stolen KYC (Know Your Customer) data such as Aadhaar details, phone numbers, and sometimes OTPs to convince mobile retailers to issue new SIM cards in the victim’s name. This grants the scammers full control over the victim’s phone number — a key to unlocking UPI payments, banking apps, and other services secured by OTP.

This scam targets digitally active Indians, especially those who use UPI frequently for instant payments and rely on mobile number-based authentication. Since Indian banks and payment apps like PhonePe, Google Pay, and Paytm link UPI IDs to mobile numbers, a SIM swap can lead to immediate financial loss. CERT-In and the Indian Cyber Crime Coordination Centre (I4C) have flagged this as a rising cyber threat due to increasing reports from multiple states, including Maharashtra, Telangana, and Delhi.

The Reserve Bank of India (RBI) has also issued warnings about OTP interception and SIM swap frauds, urging users and mobile retailers to be vigilant and implement stronger KYC verification. Leaked data from data breaches is often sold on the dark web, feeding this scam machine.

How This Scam Works — Step by Step

1. Data Gathering: Fraudsters acquire leaked personal information such as Aadhaar numbers, bank account details, phone numbers, and partial KYC data from underground data markets or phishing attacks.

2. Retailer Contact: Scammers approach a mobile retailer (a local mobile shop or SIM card vendor) pretending to be the legitimate customer, often quoting stolen KYC details to convince the retailer that they are requesting a SIM replacement.

3. SIM Swap Request: The retailer, often under pressure or lacking verification tools, issues a new SIM card linked to the victim’s phone number.

4. SIM Activation: The new SIM gets activated and the victim's original SIM gets blocked. The victim loses phone service and is left unaware initially.

5. OTP Intercept: Fraudsters attempt transactions from banking apps or UPI platforms like BHIM or Google Pay linked to that phone number. OTPs (One-Time Passwords) sent to the phone are received on the scammer’s SIM, allowing them to complete transactions.

6. Financial Theft: Using UPI IDs, fraudsters transfer money out, sometimes in small amounts multiple times to bypass sudden transaction detection. They may also change registered email and password details on the victim’s apps to prevent account recovery.

7. Aftermath: Victims may notice failed transactions or loss of phone signal. By this time, significant money may be stolen, often INR 10,000 to several lakhs depending on the victim's bank balance and linked wallets.

Real Warning Signs to Watch For

• Unexpected loss of mobile network or no signal despite your phone being fine.
• Receiving OTPs for transactions or password resets you did not initiate.
• Calls from unknown numbers posing as bank officials or telecom retailers asking for personal details.
• SMS or WhatsApp messages informing about SIM activation or KYC confirmation not performed by you.
• Suspicious UPI transactions or alerts from your bank for changes you did not authorize.
• Retailers or mobile shops requesting Aadhaar or biometric authentication repeatedly without proper explanation.
• News or advisories issued by RBI, CERT-In on SIM swap or UPI fraud circulating in your area.

What Happens to Victims

Victims suffer immediate financial loss as unauthorized UPI transactions drain their bank accounts. Since UPI payments are instantaneous and hard to reverse once confirmed, victims often struggle to recover money. The misuse of Aadhaar data during KYC can lead to deeper identity theft, affecting credit scores and future banking access.

Beyond finances, losing control of your SIM disrupts communication — no access to calls or WhatsApp, missing important alerts, and difficulty in reporting fraud quickly. Emotional distress is common as victims feel helpless watching cybercriminals exploit their trust in everyday digital services.

Victims must grapple with complex recovery procedures involving banks, telecom providers, and law enforcement, sometimes taking months for resolution.

What RBI and CERT-In Say

The RBI has warned banks and customers to strengthen multi-factor authentication and educate users on risks of SIM swaps and OTP theft. Their advisories recommend banks not rely solely on mobile number authentication for critical transactions.

CERT-In (Indian Computer Emergency Response Team) has issued alerts about mobile SIM swap frauds emphasizing the need for telecom retailers to conduct thorough KYC checks and for customers to report SIM-related issues immediately.

For assistance, victims can call the national cybercrime helpline 1930 to report fraud. The RBI banking helpline is also available for grievances related to unauthorized transactions.

CERT-In continues to work with telecom authorities to monitor such incidents and push for stronger consumer protection frameworks against misuse of Aadhaar and leaked data.

How to Protect Yourself

1. Never share OTPs or personal details via phone or WhatsApp, even if the caller claims to be from your bank or mobile provider.

2. Immediately report any loss of mobile signal or suspicious SIM activity to your telecom provider and block the SIM if possible.

3. Use app-based authentication (such as biometrics or PINs) instead of relying solely on OTPs for UPI and banking apps.

4. Regularly monitor bank and UPI transactions to spot irregular activity early.

5. Avoid providing Aadhaar or other KYC documents to retailers without verifying their credentials.

6. Register for mobile number porting or SIM lock services if available to prevent unauthorized SIM issuance.

7. Use multiple security layers for your bank accounts and UPI apps, including transaction limits and notifications.

What to Do If You've Been Targeted

• Immediately contact your mobile service provider to block or deactivate the duplicated SIM.

• Notify your bank and freeze your accounts or UPI IDs to prevent further unauthorized transactions.

• File a complaint on the National Cyber Crime Reporting Portal at cybercrime.gov.in with all details including dates, phone numbers, and transaction info.

• Call the 1930 cybercrime helpline for assistance and guidance on next steps.

• Report to the RBI banking ombudsman if your bank is unresponsive or slow to act on fraud claims.

• Consider changing all related passwords, including your Aadhaar-linked services, email, and payment apps.

• Inform close contacts that your phone may be compromised to avoid further social engineering attacks.

Frequently Asked Questions

Q: How can fraudsters get my Aadhaar and bank details for this scam?
A: Often through data leaks, phishing attacks, or buying stolen information from dark web markets, fraudsters collect partial KYC and personal data that helps them impersonate you at mobile retailers.

Q: What should I do if I lose mobile signal suddenly for no reason?
A: Immediately check with your telecom provider. If your SIM is suspected to be swapped, request immediate blocking or deactivation and alert your bank of potential fraud.

Q: Can I recover money lost due to this SIM swap and UPI fraud?
A: Recovery is difficult but not impossible. Prompt reporting to banks, telecom, and cybercrime authorities increases chances of freezing funds or tracing transactions. RBI guidelines recommend banks have clear grievance redressal mechanisms.

Check any suspicious SMS, WhatsApp message, or call claiming to be from banks or mobile providers at BharatSecure.app. If you suspect fraud, report it immediately at the 1930 cybercrime helpline.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.