Aadhaar-linked Mobile Hijack and OTP Fraud

How Aadhaar-linked Mobile Hijack and OTP Fraud Works

Overview: Aadhaar-linked Mobile Hijack and OTP Fraud is an advanced scam where criminals seize control of a person’s mobile number registered with Aadhaar, then intercept OTPs (one-time passwords) to access bank accounts, take loans, or open new digital services in the victim’s name. Deepfake technology may be used during the initial identity validation or KYC video calls, escalating the risk. This scam can quickly drain bank balances and create debt in the victim's name with little warning. How It Works: 1. Fraudsters first gather Aadhaar details, often stolen via phishing, leaked databases, or social engineering. 2. Using deepfake videos that mimic the victim’s face, they pass video-based or selfie KYC for SIM re-issuance or mobile number linking (via online KYC or physical CSC kiosks). 3. They manage to get the victim’s mobile SIM suspended/ported and issue a new SIM in their control, or update the mobile-linked number in the Aadhaar ecosystem. 4. The attacker receives all future OTPs required for banking, UPI, instant loans, and account updates. 5. Fraudulent transactions and new account/lending set-ups are completed rapidly, often before the victim notices loss of signal. India Angle: This scam is rampant in regions with high Aadhaar coverage and rapid digital banking growth, particularly Gujarat, Delhi, Maharashtra, and UP. Rural and semi-urban populations are at special risk when relying on agents or CSC operators for SIM or Aadhaar services. Young professionals, students, and rural women who may not detect a temporary signal loss quickly are prime targets. Real Examples: - Shortly after losing all network signal, a bank customer receives SMSes for loan approval and high-value UPI transactions she never authorised. - “Dear subscriber, your SIM card will be deactivated due to KYC discrepancy. Update details now: [fake link].” Red Flags: - Sudden loss of mobile network without reason - SMS warnings about SIM deactivation or KYC issues - OTPs/codes arriving even when no banking transaction was made - Alerts for new bank/loan accounts you didn’t initiate Protective Measures: - Register Aadhaar and SIM changes only via official portals or direct at telecom outlets - Never share OTPs, Aadhaar images, or mobile details with callers/messengers - Switch to phone/email alerts for all account activities - Activate SIM lock and strong 2FA (two-factor authentication) on key banking apps If Victimised: - Inform your telecom provider immediately so your number can be secured - File an urgent online complaint at cybercrime.gov.in and call 1930 - Report unauthorised loans or new accounts to your bank Related Scams: - SIM porting fraud - Instant loan fraud via fake KYC - Phishing for Aadhaar and mobile information

How This Scam Works — Detailed Explanation

The Aadhaar-linked Mobile Hijack and OTP Fraud begins when scammers identify potential victims through social media platforms like Facebook or WhatsApp. Criminals often pose as customer service representatives from banks or government agencies, capitalizing on people's trust. Once they establish contact, they can sometimes use techniques like social engineering to extract personal information such as your Aadhaar number, phone number, or even bank details under the guise of needing to verify your identity. This initial contact is often framed as essential for your account security or a mandatory KYC update required by Reserve Bank of India (RBI) guidelines.

Once they have this sensitive information, scammers deploy various psychological tactics. They may create a sense of urgency, indicating that your account has been compromised or that immediate action is needed to prevent a financial loss. As part of the ruse, victims receive messages claiming they must click on a link or provide further information. This could include a fake website where victims are tricked into entering sensitive login details or OTPs, thus giving the scammers direct access to their accounts. With the prevalence of deepfake technology, scammers may also attempt to impersonate legitimate representatives in video calls to validate their claims further, adding another layer of trickery.

After gaining access to the victim’s mobile number linked to Aadhaar, scammers take control of the SIM card, leading to a sudden loss of mobile network. Simultaneously, they will intercept OTPs sent to the victim’s phone for transactions, loans, or new digital service accounts. For instance, a victim might receive multiple SMS notifications regarding transactions or loans for amounts they did not apply for. By the time victims realize they are being scammed, their bank accounts may already be drained or new loans taken out in their name, often amounting to lakhs or even crores of rupees.

The real-world impact of this type of fraud has been staggering. According to estimates, over ₹12 crore has been lost to similar scams in India over the past year alone, as reported by the Ministry of Home Affairs (MHA). With increasing UPI transactions and reliance on mobile banking, this form of fraud is expected to escalate, becoming a mainstream concern. Government advisories from CERT-In have warned the public about the rising cases of OTP frauds, urging consumers to stay vigilant and informed.

Spotting a scam may seem daunting, but there are key indicators. If you experience a sudden loss of mobile network or receive unfamiliar OTP messages for transactions you didn’t initiate, it’s a clear red flag. Additionally, SMS warnings about urgent KYC actions or notifications for loans or accounts you haven’t applied for should not be ignored. Always verify through official channels before taking action and avoid any communication that seems questionable. Stay vigilant and question every communication that prompts urgent action related to your financial details.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Aadhaar-linked Mobile Hijack and OTP Fraud Target?

General public across India

Red Flags — How to Identify Aadhaar-linked Mobile Hijack and OTP Fraud

• Sudden, unexplained loss of mobile network
• Unfamiliar OTP messages arriving for uninitiated transactions
• SMS warnings about urgent KYC or SIM action needed
• Instant notifications for loans or accounts you didn't apply for

What To Do If You Encounter Aadhaar-linked Mobile Hijack and OTP Fraud

1. Report the incident to the cybercrime helpline at 1930 or visit cybercrime.gov.in.
2. Immediately notify your bank's customer service; call SBI at 1800-11-1109 or HDFC at 1800-202-6161.
3. Suspend your mobile service by contacting your mobile provider to prevent further fraud.
4. Change your online banking passwords and enable two-factor authentication for added security.
5. Monitor your bank account closely for any unauthorized transactions.
6. Educate your family and friends about this scam to ensure they know the signs.

How to Report Aadhaar-linked Mobile Hijack and OTP Fraud in India

• Call 1930 — National Cyber Crime Helpline (24x7)
• File a complaint at cybercrime.gov.in
• Contact your bank immediately if money was lost
• Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a UPI scam?

Immediately contact your bank's customer service; call SBI at 1800-11-1109 or HDFC at 1800-202-6161 to report the incident.

How can I identify this specific scam?

Look for sudden network loss, unfamiliar OTPs for transactions, and unexpected loan notifications. These could indicate your number has been hijacked.

How do I report this type of scam in India?

Report to the cybercrime helpline at 1930 or visit cybercrime.gov.in to file a complaint. Also, notify your bank about the fraud.

What are the steps to recover my money or protect my accounts after this scam?

Contact your bank to freeze your accounts, change all login credentials, and report the incident to cybercrime authorities for further action.

Related Scams in India

• 'PrintSteal' Operation - Fake KYC Document Generation
• AI Deepfake & Synthetic Document Scams
• AI Deepfake Bank Alert Scams
• AI Deepfake Exchange Impersonation
• AI Deepfake Executive Authorization Scam

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.