What to do if I shared my OTP in a UPI scam?

If you've shared your OTP, contact your bank immediately via their helpline (SBI: 1800-11-1109, HDFC: 1800-202-6161). Block your card or account, and report the incident to 1930 or cybercrime.gov.in.

How can I identify a SIM swap scam?

Look for unexpected OTP notifications, sudden requests for account re-verification, and any unauthorized transactions while your phone is unreachable — these are strong indicators of a potential SIM swap.

How to report a SIM swap scam in India?

To report a SIM swap scam, call the cybercrime helpline at 1930 or visit cybercrime.gov.in to submit a complaint. Make sure to also inform your bank immediately.

How to recover money or protect accounts after this scam?

Immediately contact your bank's helpline to freeze accounts and recover funds. Document any unauthorized transactions, report the fraud to 1930, and enhance your account's security settings.

Bank Account Takeover via SIM Swap

INDIA — By BharatSecure Threat Intelligence Team · Updated May 20, 2026

Verdict: Suspicious | Risk Score: 10/10 | Severity: critical

Category: UPI, KYC, Phishing

How Bank Account Takeover via SIM Swap Works

Overview: Bank Account Takeover through SIM Swap is one of the most damaging scams targeting Indians today. Once a scammer hijacks your phone number, they use it to trigger password resets and OTPs for your bank, UPI, and wallet apps — draining funds before you can react. The scam’s stealth and speed make it extremely dangerous, often leaving victims with heavy financial losses. How It Works: 1. Scammer already controls your phone number (via SIM swap, cloning, or duplicate issuance). 2. They open banking apps, try the 'forgot password' or reset process, selecting OTP delivery to your phone. 3. With OTPs, they reset access to your accounts. 4. Next, they change transactional PINs, add new beneficiaries, and quickly transfer money out. 5. In parallel, they may target UPI and wallet apps using similar flows. India Angle: This scam hits users of all major banks in India — SBI, HDFC, ICICI, Axis and more. Victims across metro and smaller cities have reported sudden large debits through UPI apps like PhonePe, Google Pay, or Paytm. Professionals and homemakers who rely on mobile OTPs for quick transactions are often blindsided. Real Examples: - Within fifteen minutes of a SIM swap, you get emails about password resets you never requested, and all OTPs go silent. - Bank app asks you to re-verify, while money is transferred from your account via UPI without your knowledge. Red Flags: 1. OTPs or password reset requests you did not initiate. 2. Email alerts about new logins, device changes, or password changes. 3. Bank/UPI apps suddenly log you out and ask to re-authenticate. 4. Transactions or withdrawals happening while you’re locked out of your phone number. Protective Measures: - Enable additional layers of verification (like app PINs or biometrics) in banking and payment apps. - Keep an eye on your email for suspicious password reset or login alerts. - Never share account recovery details or OTP with anyone, even if they claim to be bank support. - Register an email ID as a backup for banking alerts. If Victimised: 1. Call your bank and UPI providers to freeze accounts immediately. 2. Block the hacked SIM by contacting your operator. 3. Log complaints with 1930 and cybercrime.gov.in. 4. Change all your important passwords starting with email, then banking, then social media. Related Scams: - UPI Wallet Hijack after SIM Swap - Email Account Takeover via OTP Interception - KYC Details Phishing by Fake Bank Staff

How This Scam Works — Detailed Explanation

Bank Account Takeover via SIM Swap has become one of the most alarming threats for Indian consumers today. Scammers usually operate by first obtaining personal information about their victims through social media platforms like Facebook or WhatsApp. They often hunt for individuals who have shared details about their financial activities or have relatively weak security settings on their online profiles. Once they have a target in sight, they proceed to contact the victim's mobile service provider, posing as the legitimate user. They either request a SIM swap, which transfers the victim's phone number to a new SIM card, or use sophisticated methods to clone the SIM. With the phone number now controlled, scammers can bypass traditional security measures, as they are now able to receive one-time passwords (OTPs) and verification links sent by banks and UPI services.

The psychological tactics used by these scammers often exploit fear and urgency. After disabling the victim's original SIM, the scammer may initiate immediate fund transfers or purchase activities, relying on the panic and confusion that the victim experiences when they notice their phone is unreachable. Victims receive sudden notifications of OTP requests or password resets that they did not initiate, leading them to panic. This confusion often paralyzes the victim's response time, allowing the scammer ample opportunity to drain funds from bank accounts and digital wallets through UPI, Aadhaar-linked transactions, or direct banking apps such as SBI or HDFC. For instance, if a victim has linked their phone number to a UPI account, fraudulent transactions can be executed almost instantaneously, further complicating recovery efforts for the victim.

Once the scammer takes control of the victim’s financial accounts, the impact is swift and devastating. Victims often find themselves without access to their banking applications as they suddenly receive multiple alerts about new device logins or password changes. Transactions may be processed while the victim is still struggling to regain access to their phone or account, leading to substantial financial losses. In some harrowing cases, individuals have lost amounts ranging from ₹50,000 to over ₹5 crores in a matter of minutes. High-profile cases reported to the Ministry of Home Affairs and CERT-In highlight a growing trend — that SIM swap scams are on the rise, with victims from well-known financial institutions facing heavy losses.

The financial repercussions of these scams have been staggering; in 2022 alone, estimates indicated that cybercriminals siphoned off more than ₹1,500 crores from UPI users through various fraud schemes, SIM swap included. The National Payments Corporation of India (NPCI) and Reserve Bank of India (RBI) are continuously tightening guidelines to protect consumers, but the threat remains potent, given the rapid technological advancements and the hackers' cunning methods. As users of UPI and Aadhaar become more dependent on mobile transactions, the need to remain vigilant is crucial. Every Indian needs to be aware of the tactics used by scammers to ensure that they can protect their financial integrity.

Spotting a SIM swap fraud in action can be tricky, but there are specific red flags to be mindful of. For instance, if you receive unsolicited OTP messages for transactions or changes that you did not initiate, this could be a sign that a scammer is attempting to hijack your bank account. Similarly, sudden prompts for re-verification in your banking apps can indicate malicious activities. Furthermore, if you observe unexpected withdrawals while your phone becomes unreachable, or if you suddenly receive alerts about new login attempts or changes to your security questions, it is crucial to act. By staying informed and recognizing these signs early, victims can take swift action to avert catastrophic financial loss.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Bank Account Takeover via SIM Swap Target?

General public across India

Red Flags — How to Identify Bank Account Takeover via SIM Swap

Unusual bank OTP or password reset emails you did not request
Bank/UPI apps ask for re-verification suddenly
Money withdrawn while your phone is unreachable
Rapid, multiple alerts about new device logins

What To Do If You Encounter Bank Account Takeover via SIM Swap

Report the incident immediately to your bank's helpline, such as SBI at 1800-11-1109 or HDFC at 1800-202-6161.
Contact the cybercrime helpline at 1930 for guidance on next steps and to file a complaint.
Change your passwords for all banking and UPI applications as soon as possible.
Monitor your bank accounts regularly for unauthorized transactions and document any discrepancies.
Notify your mobile service provider to block your number and prevent further SIM swap attempts.
Review your security settings for online accounts and enable two-factor authentication where available.

How to Report Bank Account Takeover via SIM Swap in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a UPI scam?: If you've shared your OTP, contact your bank immediately via their helpline (SBI: 1800-11-1109, HDFC: 1800-202-6161). Block your card or account, and report the incident to 1930 or cybercrime.gov.in.
How can I identify a SIM swap scam?: Look for unexpected OTP notifications, sudden requests for account re-verification, and any unauthorized transactions while your phone is unreachable — these are strong indicators of a potential SIM swap.
How to report a SIM swap scam in India?: To report a SIM swap scam, call the cybercrime helpline at 1930 or visit cybercrime.gov.in to submit a complaint. Make sure to also inform your bank immediately.
How to recover money or protect accounts after this scam?: Immediately contact your bank's helpline to freeze accounts and recover funds. Document any unauthorized transactions, report the fraud to 1930, and enhance your account's security settings.

Related Scams in India

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.