Scattered Spider SIM Swapping and Phishing Attacks — How to Identify & Stay Safe
INDIA — By BharatSecure Threat Intelligence Team
Severity: HIGH
Scattered Spider SIM Swapping & Phishing: Don't Be a 2026 Target, India!
Scattered Spider is a notorious group using SIM swapping and phishing attacks to steal money and data – learn how to protect yourself.
What Are the Scattered Spider SIM Swapping and Phishing Attacks?
The "Scattered Spider" attacks represent a sophisticated form of cybercrime impacting individuals across India. These scams combine social engineering with technical manipulation, focusing primarily on SIM swapping and phishing. In SIM swapping, criminals hijack your mobile phone number, allowing them to intercept one-time passwords (OTPs) and other verification codes. Phishing involves tricking you into revealing sensitive information like bank details or personal credentials through fake messages or websites.
Scattered Spider attackers typically target individuals active online, particularly those engaged with technology, cryptocurrency, and financial services. They often initiate contact via social media platforms like Facebook, Instagram, LinkedIn, or even WhatsApp. Scammers may pose as representatives of legitimate tech companies, cryptocurrency exchanges, or even government agencies to gain your trust. Due to the intricate social engineering employed, they manage to cause a high degree of financial and emotional harm. While specific data on Scattered Spider's impact in India is still emerging, the rising number of cybercrime incidents reported to CERT-In and I4C suggests a significant threat.
How This Scam Works — Step by Step
Here's the typical sequence of events in a Scattered Spider SIM swapping and phishing attack targeting Indians:
1. Initial Contact: The scammer initiates contact through a seemingly innocent message on social media or WhatsApp. They might claim to be a representative of a well-known tech company, offering a special promotion or asking for assistance testing a new app.
2. Building Trust: They'll engage in conversation, attempting to build rapport and gain your trust. They might share fake credentials or point to fabricated online reviews to appear legitimate.
3. Phishing Attempt: Once they have your trust, they'll try to phish for sensitive information. They might ask you to click on a link that directs you to a fake login page resembling a real bank or UPI app. Alternatively, they could request “verification details” over chat related to your Aadhaar or bank account.
4. SIM Swapping Trigger: Using the information they've gathered (often including your name, address, and phone number), they contact your telecom provider (e.g., Airtel, Jio, Vi). They might falsely claim that your SIM card is lost or damaged, or that you need to upgrade to a 5G SIM. The goal is to take over your number so they can intercept your calls and SMS messages.
5. OTP Interception: Once they've successfully SIM swapped your number, all OTPs and verification codes sent to your phone will go directly to them. This includes codes required to access your bank accounts, UPI apps (Paytm, PhonePe, Google Pay), and email accounts.
6. Financial Fraud: With access to your accounts, the scammers can transfer funds, make unauthorized purchases, and even take out loans in your name. They can also use your stolen identity for further fraudulent activities, such as opening fake accounts or applying for credit cards.
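The last three steps leave a recognisable trail on the service side: a SIM change, followed shortly by sensitive actions approved with an SMS OTP. The sketch below is an added example, not code from BharatSecure or any bank; the event names, the tuple layout and the 24-hour cooling-off window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Assumption: how long after a SIM change an SMS OTP is treated as untrusted.
COOLING_OFF = timedelta(hours=24)
# Hypothetical event names for actions worth holding for review.
SENSITIVE = {"password_reset", "add_payee", "funds_transfer"}

# Constructed sample events: (timestamp, account, event type, auth factor).
SAMPLE_EVENTS = [
    ("2026-01-10T09:00:00", "acct-1", "sim_change", None),
    ("2026-01-10T09:20:00", "acct-1", "password_reset", "sms_otp"),
    ("2026-01-10T09:25:00", "acct-1", "funds_transfer", "sms_otp"),
    ("2026-01-10T10:00:00", "acct-2", "funds_transfer", "sms_otp"),
    ("2026-01-08T08:00:00", "acct-3", "sim_change", None),
    ("2026-01-10T11:00:00", "acct-3", "funds_transfer", "sms_otp"),
    ("2026-01-10T12:00:00", "acct-4", "sim_change", None),
    ("2026-01-10T12:05:00", "acct-4", "funds_transfer", "totp_app"),
]

def flag_post_swap_actions(events, window=COOLING_OFF):
    """Return (account, action, minutes_since_sim_change) for every sensitive
    action approved by SMS OTP inside the window that follows a SIM change."""
    last_sim_change = {}
    flagged = []
    # Process in time order so each action sees the latest SIM change before it.
    for ts, account, kind, factor in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if kind == "sim_change":
            last_sim_change[account] = when
            continue
        changed = last_sim_change.get(account)
        if (kind in SENSITIVE and factor == "sms_otp"
                and changed is not None and when - changed <= window):
            minutes = int((when - changed).total_seconds() // 60)
            flagged.append((account, kind, minutes))
    return flagged

if __name__ == "__main__":
    for hit in flag_post_swap_actions(SAMPLE_EVENTS):
        print("hold for review:", hit)
```

Only acct-1 is flagged: acct-2 had no SIM change, acct-3 changed SIM more than 24 hours earlier, and acct-4 approved the transfer with an authenticator app rather than an SMS OTP.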
Real Warning Signs to Watch For
- Unsolicited Messages: Be wary of unsolicited messages from unknown numbers or people on social media, especially if they promise rewards or request personal information.
- Suspicious Links: Never click on links sent by unverified individuals, especially if the link leads to a login page or asks for your credentials. Always manually type the website address in your browser.
- Urgent Requests: Be suspicious of anyone pressuring you to act quickly or share information immediately. Scammers often use urgency to prevent you from thinking clearly.
- Personal Information Requests: Never share personal information such as your Aadhaar number, PAN card details, bank account details, or OTPs with anyone you don't trust.
- SIM Card Issues: If your phone suddenly loses signal or you receive an unexpected message about SIM card activation, contact your telecom provider immediately.
- Requests to Test Apps or Services: Be skeptical of offers to "test" new apps or services that require you to provide personal information or payment details. Verify the legitimacy of the company.
- Odd Profiles: Check the profiles of people who contact you. Are they new? Do they have many connections? Does their profile picture look legitimate?
What Happens to Victims
Victims of Scattered Spider attacks can face significant financial losses, ranging from a few thousand INR to several lakhs, depending on the extent of the damage. Beyond the financial impact, these attacks can cause severe emotional distress, anxiety, and a feeling of violation. Stolen personal information can be used for identity theft, leading to long-term consequences. For example, your Aadhaar details can be misused to obtain fake documents or credit, creating significant legal and financial complications. Successful SIM swaps can shut down your social media and email access, causing further damage. It can take significant time and effort to recover stolen funds and restore your credit score.
What RBI and CERT-In Say
The Reserve Bank of India (RBI) constantly issues advisories to the public about digital fraud, emphasizing the importance of not sharing sensitive banking information with anyone. CERT-In (Indian Computer Emergency Response Team) also releases regular alerts regarding phishing attacks and SIM swapping schemes. While they may not specifically name "Scattered Spider," their general guidance on cyber safety applies to this threat. The government's cybercrime.gov.in portal also provides resources and reporting mechanisms for victims of cyber fraud, along with the 1930 cybercrime helpline. RBI frequently urges people to enable two-factor authentication and regularly review their bank statements for any suspicious activity.
How to Protect Yourself
- Strong Passwords & Two-Factor Authentication: Use strong, unique passwords for all your online accounts. Enable two-factor authentication (2FA) whenever possible, using authenticator apps instead of SMS-based OTPs.
- Verify Every Request: Always independently verify any requests for personal information, even if they appear to come from a trusted source. Contact the organization directly using official channels.
- Be Skeptical of Unsolicited Messages: Treat all unsolicited messages with caution, especially those promising rewards or asking for personal information.
- Monitor Your Bank & UPI Accounts: Regularly check your bank statements, UPI transaction history, and credit reports for any suspicious activity.
- Secure Your SIM Card: Set up a SIM lock PIN with your telecom provider to prevent unauthorized SIM swaps.
- Update Software Regularly: Keep your devices and apps updated with the latest security patches to protect against vulnerabilities.
- Be Careful What You Share Online: Be mindful of the information you share on social media, as scammers can use this data to target you.
What to Do If You've Been Targeted
- Report to the Cybercrime Helpline: Immediately call the cybercrime helpline at 1930 to report the incident and block any fraudulent transactions.
- File a Complaint: File a formal complaint on the cybercrime.gov.in portal and at your local police station.
- Contact Your Bank and Telecom Provider: Inform your bank and telecom provider about the incident and request them to freeze your accounts and block your SIM card.
- Change Your Passwords: Change your passwords for all your online accounts, especially those associated with your bank accounts, email, and social media.
- Monitor Your Credit Report: Regularly monitor your credit report to check for any fraudulent activity.
- Alert Family and Friends: Warn your family and friends about the scam so they can avoid becoming victims as well.
Frequently Asked Questions
Q: How do I know if my SIM card has been swapped?
A: Common signs include sudden loss of network signal, receiving SMS messages about a successful SIM swap that you didn't initiate, or not receiving OTPs that you're expecting.
Q: What if I accidentally clicked on a phishing link?
A: Immediately change your passwords for any accounts that you might have entered credentials into via that link. Contact your bank and monitor your accounts for any suspicious activity. Run a full scan on your device using a reputable antivirus program.
Q: Can I get my money back if I've been scammed?
A: Recovering stolen funds is not always guaranteed, but it's essential to report the incident immediately to the cybercrime helpline, your bank, and the police. The sooner you report the fraud, the higher the chances of recovering your money. RBI guidelines also mandate banks to have certain procedures for reimbursing customers in case of unauthorized transactions if reported promptly.