SIM Swap UPI Takeover — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 27, 2026

Severity: CRITICAL | View Full Scam Details

Beware of SIM Swap UPI Takeover in India 2026: A Critical Cyber Fraud Risk

SIM Swap UPI Takeover is a critical scam targeting Indian mobile users that can lead to total financial loss by hijacking your phone number and UPI transactions.

What Is the SIM Swap UPI Takeover?

The SIM Swap UPI Takeover scam involves fraudsters stealing an individual’s mobile phone number by activating a duplicate SIM card in their possession. In India, where UPI (Unified Payments Interface) has become a primary mode of payments, your mobile number often serves not just as a contact point but also as a key identity for financial apps, online banking, and messaging platforms like WhatsApp. This makes the SIM Swap scam especially dangerous.

Fraudsters typically trick or bribe customer care executives at mobile network providers or use forged documents such as fake Aadhaar or PAN copies to convince the telecom operator to issue a new SIM card linked to the victim’s number. When the duplicate SIM activates, the victim’s original SIM loses network connectivity. All incoming calls and one-time passwords (OTPs) for transactions now go to the fraudster, who can reset UPI PINs and access bank accounts.

According to advisories from India’s CERT-In (the government cybersecurity agency) and the Indian Cyber Crime Coordination Centre (I4C), SIM Swap fraud has seen a sharp rise over recent years with increasing digitisation and mobile usage. The Reserve Bank of India (RBI) has also issued warnings about securing mobile numbers linked to bank accounts and UPI apps.

How This Scam Works — Step by Step

1. Target Selection: Fraudsters identify victims by gathering personal details such as name, mobile number, Aadhaar number, or PAN through phishing, social media, or data leaks.

2. Duplicate SIM Request: The fraudster calls the victim’s mobile operator’s customer care posing as the customer. Using forged Aadhaar or PAN, or by bribing/recruiting insiders, they request SIM replacement citing phone loss or damage.

3. Activation of Duplicate SIM: Once the telecom operator accepts, the duplicate SIM is activated, causing the victim’s phone to lose network.

4. Intercepting OTPs and Calls: The fraudster now receives all SMS messages and calls, including OTPs sent during UPI transactions or banking logins.

5. Resetting UPI PIN: Using the mobile number, the fraudster initiates a UPI PIN reset, receiving OTPs to the hijacked SIM.

6. Accessing Financial Accounts: With the new PIN, the fraudster authorises online payments, funds transfers, or even WhatsApp verification to impersonate the victim.

7. Stealing Money: The fraudster transfers money from the victim’s bank accounts using UPI or prompts contacts to send funds via WhatsApp.

Real Warning Signs to Watch For

• Sudden loss of mobile network on your phone without physical damage.
• Receiving an alert or SMS about SIM activation or number porting that you did not request.
• Failure to receive OTPs for UPI or banking transactions.
• Unexpected WhatsApp logout or verification requests on your device.
• Calls or messages from your bank asking for transaction confirmation you did not initiate.
• Unusual transaction alerts from your bank or UPI app.
• Notification about your mobile number being linked to another device.

What Happens to Victims

Victims of SIM Swap UPI Takeover face severe financial and emotional distress. With access to your mobile number, fraudsters can bypass banking security and drain funds instantly through UPI payments. Since UPI transactions are mostly irreversible, recovering lost INR sums can be challenging, and banks may take time to investigate.

Besides monetary loss, victims risk identity theft and misuse of linked services like Aadhaar, WhatsApp, and other financial apps. The emotional impact includes anxiety, loss of trust in digital payments, and the hassle of dealing with mobile operators, banks, and police complaints. The misuse of Aadhaar details in these scams also raises concerns about data privacy.

What RBI and CERT-In Say

The RBI has repeatedly cautioned customers to secure their mobile numbers and avoid sharing OTPs. It recommends registering for “Mobile Number Portability” and using multi-factor authentication besides OTPs. RBI’s Customer Education and Protection Department provides helpline support for fraud victims.

CERT-In advises telecom operators to strengthen customer identity verification before issuing SIM replacements. It also urges users to report suspicious calls immediately. The Government of India’s 1930 cybercrime helpline is active nationwide to assist victims of such fraud.

The I4C platform (cybercrime.gov.in) facilitates online cybercrime complaints and promotes awareness campaigns about digital frauds including SIM Swap scams.

How to Protect Yourself

1. Set Mobile SIM lock/porting PIN: Contact your mobile operator and request a strict PIN or password that must be provided before any SIM replacement or porting.

2. Avoid sharing OTPs: Never disclose OTPs or PINs to anyone, even if they claim to be bank officials or customer care.

3. Use app-based authentication: Where possible, switch from SMS-based OTPs to app-generated OTPs or biometric authentication on UPI and banking apps.

4. Monitor SMS alerts: Immediately report to bank and mobile operator if you notice missing OTPs or strange SMS messages.

5. Secure your Aadhaar and PAN: Do not share these documents casually and enable locking features available on UIDAI’s Aadhaar portal.

6. Enable WhatsApp two-step verification: This adds an extra PIN for verifying your account beyond SMS OTPs.

7. Regularly check bank statements: Be vigilant for any unauthorized transactions or changes in account details.

What to Do If You’ve Been Targeted

• Contact your mobile operator immediately to block the duplicate SIM and request network restoration on your original SIM.

• Report the incident to your bank or UPI app provider and freeze or block payment facilities temporarily.

• File a complaint with the police cybercrime cell and register an FIR mentioning SIM Swap as the suspected fraud.

• Lodge an online cybercrime complaint through the I4C portal (cybercrime.gov.in).

• Report to the 1930 cybercrime helpline for detailed assistance and guidance.

• Inform UIDAI if Aadhaar misuse is suspected to prevent further fraud.

• Change passwords and PINs for your financial apps and WhatsApp immediately once you regain control of your mobile number.

Frequently Asked Questions

Q1: Can SIM Swap happen without my knowledge?
Yes, SIM Swap scams often happen without any prior indication except sudden phone network loss. Fraudsters deceive telecom staff and customers rarely get early warning.

Q2: Is it possible to reverse UPI payments made in a SIM Swap scam?
UPI payments are designed to be instant and usually irretrievable. Victims can request their bank’s help, but recovery depends on fraud investigation which takes time.

Q3: How can I prevent SIM Swap if I lose my phone?
Contact your mobile operator at once to block your SIM and activate a duplicate yourself using a verified PIN, rather than relying on unverified third parties.

Stay vigilant! Verify any suspicious messages or calls claiming to be from banks, telecom operators, or UPI providers by visiting BharatSecure.app. Report digital fraud promptly at the 1930 cybercrime helpline.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.