KYC/E-SIM Fraud Hijacking Mobile Numbers

How KYC/E-SIM Fraud Hijacking Mobile Numbers Works

Overview: Scammers are exploiting eSIM and KYC update fraud to take control of individuals’ mobile numbers in India. With control of the number, they can intercept sensitive SMS-based transactions and reset passwords for banking, UPI, and social media accounts. This is especially dangerous for Indians who rely heavily on their mobile number for authentication and digital finance. How It Works: 1. Victims receive a call or text saying their phone service will be suspended unless they complete an urgent KYC or eSIM update. 2. The scammer poses as a telecom staff and asks the victim to share identity details, OTPs, or scan a QR code to “verify” their number. 3. These details allow the scammer to hijack the SIM/eSIM or port the number onto their own device. 4. The fraudster now receives all OTPs or SMS meant for the victim, using this access to steal money, change passwords, or lock the victim out of vital accounts. India Angle: This scam mostly affects users in urban and semi-urban India who use mobiles for UPI and banking. It is popular in regions with large migrant and professional populations. Real Examples: - SMS: "SIM card will be blocked for non-KYC. Reply YES to continue or your number will stop working." - Call: “Aadhaar must be updated for your mobile number. We need your one-time password now to process your request.” Red Flags: 1. Calls or texts threatening to block your number if you don’t act 2. Requests for personal details or identity proof 3. Instructions to scan QR codes or share screenshots 4. Strange sense of urgency and refusal to let you verify independently Protective Measures: - Do not share OTPs, QR codes, or identity details unless you have initiated the request yourself - Always confirm through official telecommunications apps or customer care - Enable strong security on your bank and online accounts - Educate family members who may not be tech-savvy If Victimised: - Contact your telecom provider to lock the SIM or reverse changes - Inform your bank(s) and change your online account passwords - Report to the local police cyber cell and cybercrime.gov.in. Preserve all related messages and calls Related Scams: - SIM swap fraud for fraudulent bank withdrawals - Fake digital KYC requests from payment app imposters - Social media account hijackings using number-based password resets

How This Scam Works — Detailed Explanation

In India, scammers are increasingly capitalizing on the widespread use of mobile phones for financial transactions, particularly with the UPI system. These criminals often initiate contact through phone calls or text messages, claiming to represent a telecom service provider. They typically target individuals who appear to be less tech-savvy or are facing some common issues with their phones. For example, they might use social engineering tactics to create a sense of urgency, claiming the victim's service will be suspended unless immediate action is taken. Such communications can come from spoofed numbers that mimic those of legitimate companies, adding layers of deception that make it easy for victims to fall prey to these scams.

The scammers' tactics often rely on psychological manipulation to pressure individuals into complying with their requests. They may promise seamless service restoration or improvements in network connectivity as bait. Typically, they ask for sensitive personal information under the pretense of needing to update KYC for eSIM services, only to pivot and request OTPs or other verification details. Because they act quickly, using high-pressure language—such as threats of disconnection or loss of service—victims are left in a flurry and may overlook their gut instincts to double-check the authenticity of the call. The fear of losing mobile service, which is vital for UPI transactions, further compounds this psychological tactic.

Once a victim complies with the scammers, the consequence can be dire. For instance, after providing sensitive information, victims find that their mobile numbers have been hijacked, leaving them vulnerable to an array of unauthorized activities. Scammers can intercept SMS codes needed for banking, reset passwords for social media accounts, and access money through various UPI apps. In recent cases, individuals have reported losing as much as ₹10 crore collectively due to this type of scam. Victim accounts reveal a common trend of being left unable to access their accounts, leading to financial turmoil and stress while trying to regain control over their personal information.

The impact of KYC/E-SIM fraud extends beyond individual victims; the financial repercussions cascades throughout the economy, straining both banks and telecom services. Reports show that the Ministry of Home Affairs, the Reserve Bank of India, and CERT-In have acknowledged the rising tide of these scams. Given the reliance on mobile numbers for secure transactions like UPI transfers, the losses can spiral, with estimates indicating over ₹500 crore lost in the past year due to various mobile-facilitated scams. This alarming trend underscores the urgency for improved public awareness and prompt reporting mechanisms to combat these fraudulent schemes.

To differentiate between genuine communications and scams, it is pivotal for users to verify any requests they receive. Legitimate telecom communications typically do not ask for sensitive information like OTPs or personal details over the phone. Always look for direct official channels — if you're contacted, hang up and call your service provider directly to confirm any changes in your account. Make it a habit to maintain privacy about KYC procedures, as actual telecom companies send notifications through official apps, and they have well-established processes that never involve urgent, high-pressure phone calls. By recognizing these telltale signs, individuals can better equip themselves against the fallout of such scams.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does KYC/E-SIM Fraud Hijacking Mobile Numbers Target?

General public across India

Red Flags — How to Identify KYC/E-SIM Fraud Hijacking Mobile Numbers

• Unsolicited caller asks for KYC/eSIM update
• Threatens immediate suspension of service
• Requests for personal details or OTP
• Pressure to act quickly without independent verification

What To Do If You Encounter KYC/E-SIM Fraud Hijacking Mobile Numbers

1. Report the incident immediately to the dedicated cybercrime helpline 1930 or visit cybercrime.gov.in.
2. Block your SIM card through your telecom provider to prevent unauthorized access.
3. Change passwords for all your important online accounts, including banking and social media.
4. Set up additional layers of security, such as two-factor authentication, wherever possible.
5. Educate your friends and family members about the risks associated with KYC/E-SIM fraud.
6. Contact your bank's customer support for additional protective measures against unauthorized transactions.

How to Report KYC/E-SIM Fraud Hijacking Mobile Numbers in India

• Call 1930 — National Cyber Crime Helpline (24x7)
• File a complaint at cybercrime.gov.in
• Contact your bank immediately if money was lost
• Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a UPI scam?

Immediately contact your bank's helpline, such as SBI at 1800-11-1109 or HDFC at 1800-202-6161. Report the incident to cybercrime.gov.in and monitor your account for unauthorized transactions.

How can I identify KYC/E-SIM fraud?

Look out for unsolicited calls asking for personal details or KYC updates, especially with threats of immediate service disruption.

How do I report this type of scam in India?

You can report scams to the cybercrime helpline 1930, use the portal cybercrime.gov.in, or inform your bank for possible transaction-related fraud.

How can I recover money or protect accounts after this scam?

Post-scam, change your passwords immediately, report the fraud to your bank, and consult with customer service to secure your accounts. If money was lost, file a complaint with your local police.

Related Scams in India

• 'PrintSteal' Operation - Fake KYC Document Generation
• AI Deepfake Executive Authorization Scam
• AI Voice Clone Urgent Money Transfer Scam (General)
• AI Voice Cloning Emergency Scam (Familiar Person)
• AI Voice Cloning Scams

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.