SIM Swap Fraud (OTP Interception) — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 27, 2026

Severity: CRITICAL | View Full Scam Details

SIM Swap Fraud (OTP Interception) in India 2026: How Scammers Steal Your Money Using Your Phone Number

SIM Swap Fraud is a critical cybercrime threat in India that allows fraudsters to hijack your phone number and intercept your banking OTPs, putting your money and identity at serious risk.

What Is the SIM Swap Fraud (OTP Interception)?

SIM Swap Fraud, also called SIM Cloning or SIM Hijacking, is a rising scam in India where criminals trick your mobile service provider into giving them a duplicate SIM card linked to your phone number. This scam mainly targets smartphone users who rely on OTPs (One Time Passwords) sent to their mobile for authorizing UPI payments, bank transactions, and app verifications like WhatsApp.

In India, scammers gather personal details such as your full name, date of birth, Aadhaar number, and phone number using various methods—data breaches, social media snooping, phishing calls, or SMS. They use this data to convince telecom customer care representatives that they are the legitimate user requesting a SIM replacement, often citing reasons like phone loss or damage. Once the telecom operator issues the duplicate SIM, your original SIM is deactivated without your knowledge.

This fraud is alarmingly widespread in India’s digitally connected population, affecting both urban and rural users. According to reports from India’s Indian Cyber Crime Coordination Centre (I4C) and advisories from CERT-In (Indian Computer Emergency Response Team), SIM Swap Fraud was one of the top causes of digital financial frauds in 2025, and the trend continues into 2026. The Reserve Bank of India (RBI) has also issued circulars warning banks and payment service providers about increased incidents of OTP interception via SIM swaps.

How This Scam Works — Step by Step

1. Data Collection: Fraudsters first gather your sensitive information, including Aadhaar data leaked from breaches, phone number, and personal details visible on social media or obtained through phishing calls pretending to be bank or telecom executives.

2. Contacting Telecom Provider: Using this information, the scammer calls your mobile operator’s customer care or visits a nearby SIM card store, claiming to be you. They say they lost their phone or SIM and request a new SIM card.

3. Social Engineering & Persuasion: The scammer may use fake documents or answers to secret questions, and sometimes bribe or threaten telecom staff to issue a duplicate SIM. Given lax verification sometimes found in poorly supervised stores, this step often succeeds.

4. SIM Swap Execution: Once the new SIM is activated, your original SIM is automatically deactivated, meaning you lose network access on your phone immediately.

5. OTP Interception: All your incoming SMSes—including sensitive OTPs for UPI transactions, online banking, and WhatsApp verification—are now received by the scammer’s device.

6. Financial Theft: The scammer then initiates UPI or bank transactions using your account, receiving OTPs on their device to authorize payments, effectively stealing money from your bank.

7. Covering Tracks: The victim notices loss of network; meanwhile, the scammer quickly transfers money to other accounts or cashes out, making reversal difficult.

Real Warning Signs to Watch For

• Sudden loss of mobile network or calls dropping without any phone damage.
• Receiving unexpected SMS alert from your telecom operator about SIM swap or service deactivation.
• Not receiving OTPs for bank or UPI transactions you initiated.
• Calls or SMS from unknown numbers pretending to be your bank or telecom asking for personal info.
• Delayed or failed attempts to log into WhatsApp or other apps linked to your phone number.
• Notification from your bank or payment apps about failed or unauthorized transactions.
• Seeing transactions you never made in your bank or UPI app statements.

What Happens to Victims

Victims of SIM Swap Fraud in India face immense financial and emotional distress. Their bank accounts, linked to Aadhaar and UPI, can be drained within minutes if fraudsters intercept OTPs successfully. Many victims lose lakhs of rupees without any immediate way to block or reverse transactions, especially because UPI payments authorized by OTP are instant and irreversible.

Beyond financial loss, victims also struggle with identity misuse since WhatsApp and other apps linked to the phone number can be hijacked, leading to further social engineering attacks on friends and family. The trauma includes loss of trust in digital services, anxiety over privacy breach, and time-consuming recovery procedures.

What RBI and CERT-In Say

The Reserve Bank of India has strongly advised all banks and payment providers to implement multi-factor authentication methods beyond OTPs, such as biometric or in-app approvals, to reduce SIM swap-related fraud. RBI’s 2018 circular stressed limiting OTP use for high-value transactions without additional authentication.

CERT-In issues regular advisories urging consumers to keep their personal data secure and report SIM swapping immediately to their telecom operator. The Indian Cyber Crime Coordination Centre (I4C) operates the national cybercrime helpline 1930, available to assist victims in filing complaints and initiating investigations.

The Department of Telecommunications has also mandated stricter Know Your Customer (KYC) norms and biometric verification for issuing duplicate SIMs, though enforcement varies.

How to Protect Yourself

1. Set a SIM card PIN or lock: Contact your telecom provider to enable a PIN/password before SIM swaps can be processed.
2. Avoid oversharing: Do not share your Aadhaar number, date of birth, or phone details on public platforms.
3. Beware of phishing: Never give OTPs, PINs, or personal info on calls or SMS from unknown or unverified sources.
4. Use app-based authentication: Prefer UPI apps that support biometric or passcode authentication beyond OTPs.
5. Monitor your bank accounts and UPI apps daily: Immediately report any unauthorized transactions.
6. Register ‘Do Not Disturb’ preferences: To reduce spam calling that might lead to phishing.
7. Request telecom operators for extra KYC verification: Insist on biometric or in-person verification before any SIM replacement.

What to Do If You've Been Targeted

1. Immediately call your telecom operator: Request immediate blocking of the SIM and to revert to your original SIM if possible.
2. Change all your banking and UPI app passwords: Disable or log out of WhatsApp and other linked apps.
3. Contact your bank’s fraud helpline: Report unauthorized transactions and request transaction reversal. RBI guidelines require banks to investigate reported frauds promptly.
4. File a complaint on the cybercrime portal: Visit cybercrime.gov.in or call the national cybercrime helpline 1930 for assistance.
5. Report to local police: Cybercrime cells are equipped to handle digital fraud cases, and FIRs (First Information Reports) help in legal investigations.
6. Keep records: Save all messages, call logs, and emails related to the incident for evidence.
7. Stay alert: Monitor your accounts for some months after the incident, as scammers may attempt follow-up frauds.

Frequently Asked Questions

Q: How quickly can a SIM swap fraud happen and steal money?
A: SIM swap fraud can happen within minutes. As soon as the scammer activates a duplicate SIM, they get your OTPs instantly and can authorize UPI or bank transactions immediately.

Q: Can I reverse UPI transactions made through SIM swap fraud?
A: UPI payments are instant and generally irreversible, but you should immediately contact your bank and report fraud. Banks can sometimes help freeze accounts and try recovery depending on circumstances and timing.

Q: How do telecom operators verify SIM swap requests?
A: Telecom operators use KYC documents, security questions, OTP from existing SIM, and sometimes biometric verification. However, scammers often bypass these via social engineering, so stronger safeguards are being implemented.

Stay alert and safe by verifying any suspicious messages or calls about your mobile or banking details at BharatSecure.app — India’s trusted platform to protect you from digital fraud.