Scattered Spider Phishing and SIM Swapping — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 26, 2026

Severity: HIGH | View Full Scam Details

Beware in 2026: Scattered Spider Phishing and SIM Swapping Scam Targeting Indian Crypto Investors

The Scattered Spider phishing and SIM swapping scam is a growing cyber threat in India, putting cryptocurrency investors and tech workers at high financial risk.

What Is the Scattered Spider Phishing and SIM Swapping?

Scattered Spider is the name given to a sophisticated phishing and SIM swapping scam that has increasingly targeted Indian users involved in cryptocurrency investments and employees of tech companies. The scam combines social engineering with mobile number theft to bypass standard security and steal assets—primarily digital currency and online account access.

In India, the scam has gained traction due to rapid fintech adoption, widespread use of UPI for transactions, and growing interest in cryptocurrencies like Bitcoin and Ethereum. Fraudsters exploit this environment to lure victims via social media platforms such as WhatsApp and Telegram, and sometimes through fake charity donation campaigns related to crypto causes.

The Indian Computer Emergency Response Team (CERT-In) and Indian cybercrime agencies continue to monitor and issue warnings about these forms of phishing and SIM swapping. The Ministry of Home Affairs’ Indian Cyber Crime Coordination Centre (I4C) has also highlighted similar scams as part of their ongoing crackdown on financial fraud online.

How This Scam Works — Step by Step

1. Target Identification: Scammers search social media groups, crypto forums, and investment communities to find victims who show interest in cryptocurrency or work at tech companies.

2. Initial Contact: They reach out via WhatsApp or Telegram, often posing as fellow investors or official representatives from well-known crypto platforms or even government-backed initiatives, creating trust.

3. Building Trust With Social Engineering: Fraudsters engage in friendly chats, sometimes discussing fake investment tips or donation drives, making victims feel part of an exclusive community.

4. Phishing Link or Identity Request: Victims receive urgent messages asking them to click on a link to verify their identity, update KYC (Know Your Customer), or confirm a transaction. These links lead to fake websites mimicking legit crypto exchanges or fintech services.

5. Data Capture: When victims enter their details—mobile numbers, OTPs, Aadhaar info, login credentials—scammers capture this data in real time.

6. SIM Swap Execution: Using the stolen personal info, the scammer contacts the victim's mobile operator (sometimes using fake identity documents), persuading them to port the victim’s mobile number to a new SIM under the scammer’s control.

7. Full Account Takeover: With control of the victim’s phone number, scammers bypass two-factor authentication (2FA) systems that rely on SMS OTPs. They access crypto wallets, UPI apps, and bank accounts.

8. Funds Transfer: Scammers quickly transfer cryptocurrencies or perform UPI transactions to mule accounts, making recovery difficult.

9. Victim Realizes Too Late: The victim loses control over their phone, accounts, and money, often only noticing once substantial transactions have drained their funds.

Real Warning Signs to Watch For

• Unsolicited messages on WhatsApp or Telegram claiming exclusive crypto offers or investments
• Urgent demands to click on links or provide OTPs and personal documents
• Messages from accounts impersonating official government or crypto project IDs with spelling mistakes or slight variations
• Being asked to confirm or update Aadhaar or bank details unusually quickly
• Unexpected loss of mobile network signal without explanation, which can indicate SIM swap activation
• Receiving SMS alerts for transactions you did not initiate, especially UPI payments or crypto wallet logins
• Calls or messages pressuring you to act immediately, creating false urgency or fear of losing money

What Happens to Victims

Victims of Scattered Spider phishing and SIM swapping often suffer significant financial losses — sometimes running into lakhs of rupees in stolen cryptocurrencies or drained bank accounts. Because of SIM swapping, even UPI apps like Google Pay, PhonePe, or Paytm remain vulnerable when OTPs are intercepted.

Emotionally, victims can feel deeply violated and helpless, as their personal data, Aadhaar details, and even digital identities are misused. The loss extends beyond money: regaining control of accounts and mobile numbers can take weeks or months, while the trust in digital platforms erodes.

Victims often face difficulty reversing UPI transactions since the RBI’s rules limit reversal options once transactions complete. The emotional stress often increases due to fear of identity theft and future scams.

What RBI and CERT-In Say

The Reserve Bank of India (RBI) has issued multiple advisories warning customers to never share OTPs, PINs, or personal details with unknown parties. RBI strictly advises customers to contact banks directly using official helpline numbers and cautions against clicking on suspicious links.

CERT-In urges vigilance against phishing and SIM swapping, recommending the use of App-based two-factor authentication instead of SMS OTPs whenever possible. India’s national cybercrime helpline 1930 supports victims with advice and reporting mechanisms.

The Indian Cyber Crime Coordination Centre (I4C) encourages public reporting of such scams via cybercrime.gov.in and has partnered with mobile operators to tighten SIM verification processes.

How to Protect Yourself

1. Never share OTPs, PINs, or Aadhaar info on WhatsApp, Telegram, or phone calls. Legitimate agencies won’t ask for these via chat or SMS.

2. Use app-based 2FA like Google Authenticator or device fingerprint instead of SMS OTP wherever possible.

3. Avoid clicking on unsolicited investment links or charity donation requests, even if they appear convincing.

4. Set a mobile number ‘Do Not Port’ status through your operator to prevent unauthorized SIM swaps.

5. Regularly check your mobile network status and immediately report network loss or unusual outages to your operator.

6. Keep your Aadhaar and bank details confidential. Only share via official portals and never over chats or calls.

7. Enable transaction alerts for UPI and bank accounts and verify every payment immediately. Report unauthorized transactions to your bank and the RBI helpline without delay.

What to Do If You've Been Targeted

• Immediately contact your mobile operator to block the SIM and request a re-issue of your original number.

• Call the 1930 cybercrime helpline and file an online cybercrime complaint at cybercrime.gov.in.

• Inform your bank and crypto exchange immediately to freeze your accounts and stop further transactions.

• File a police complaint (FIR) citing the phishing and SIM swapping nature of the fraud. Local cybercrime cells are equipped to investigate these scams.

• Change all passwords for your online accounts from a secure device, especially email and wallets.

• If Aadhaar details were compromised, inform UIDAI and monitor your account for misuse.

Frequently Asked Questions

Q: How can scammers perform SIM swapping even when we need documentation?
A: Scammers use fake or stolen identity documents along with social engineering to convince mobile operators to switch your number to their SIM. Some operators have tightened processes but risks remain, especially if your personal data is already leaked.

Q: Can I reverse UPI transactions done through SIM swapping?
A: Unfortunately, most UPI transactions are instant and cannot be reversed once complete. Immediate reporting to your bank and blocking accounts can prevent further loss, but recovering stolen funds is challenging.

Q: Are crypto wallets insured against phishing or SIM swap attacks?
A: No Indian crypto wallets or exchanges currently provide insurance for losses caused by phishing or SIM swaps. Users must practice strong security and remain vigilant to avoid falling victim.

If you receive suspicious messages or calls related to investments or requests for personal info, stop and verify immediately at BharatSecure.app. Protect yourself and your money from scams like Scattered Spider phishing and SIM swapping today!