What to do if I shared my OTP in a UPI scam?

Immediately contact your bank using SBI helpline 1800-11-1109 or HDFC helpline 1800-202-6161. Report the incident to cybercrime at 1930 and change your banking passwords.

How to identify if I am a victim of a Mobile Number Swap Account Takeover?

Look for warning signs such as a sudden loss of signal, not receiving bank messages, or strange calls asking for your OTP or SIM information.

How can I report this type of scam in India?

You can report scams by calling the cybercrime helpline 1930, visiting cybercrime.gov.in, and reporting directly to your bank's fraud department.

What are the recovery steps after falling victim to this scam?

Contact your bank to report the unauthorized transactions, file a complaint with the police, and reach out to cybercrime through 1930 for guidance on next steps.

Mobile Number Swap Account Takeover

Verdict: Suspicious | Risk Score: 7/10 | Severity: high

Category: UPI, KYC, Phishing

How Mobile Number Swap Account Takeover Works

Overview: This scam targets any bank account but has seen a surge against Jan Dhan and dormant savings holders. Fraudsters illegally acquire duplicate SIM cards or persuade telecom staff to issue a new SIM with your number. With this, they can receive all bank OTPs and alerts, reset credentials, and gain full account access. Funds are rapidly siphoned, and accounts become mules for wider fraud—the original owner often only realises when severe losses have already occurred. How It Works: 1. Fraudsters gather personal data (via phishing, social engineering, or leaked documents). 2. They approach a mobile store or telecom office with forged identity proofs, tricking staff into issuing a new SIM card linked to your number. 3. They use this to receive authentication OTPs and change internet banking, UPI, or ATM PINs. 4. Once in control, they transfer or withdraw available balances, or use the account to move large scam proceeds. 5. The real account holder only realises the scam when their own mobile network stops working or SMS alerts stop. India Angle: Such SIM swap tricks have been heavily reported in UP, Bihar, and Rajasthan, often perpetrated by gangs with inside support from telecom agents. Targets are mostly those less familiar with online banking or mobile verification processes, including the elderly and rural account holders. Real Examples: - SMS: “Your SIM card has been upgraded. Restart your phone.” (Victim suddenly loses service and access.) - Bank alert: “Your OTP for mobile number update is: 829307.” Caller posing as bank staff asks victim to share this code. Red Flags: 1. Unexpected loss of mobile signal for extended periods. 2. Sudden stoppage of bank SMS alerts. 3. Calls from telecom agents asking for OTPs or verification you did not initiate. 4. Bank requests for fresh device registration without reason. Protective Measures: - Never share OTP with anyone on a call—even if they claim to be bank or telecom staff. - Register a complaint with your telecom provider immediately if you suddenly lose network signal. - Notify your bank at the earliest signs of irregular mobile/SMS behaviour. - Set up bank app device-based authentication or update KYC frequently. If Victimised: - Block SIM card via telecom customer care. - Freeze your bank account immediately and change all pins/passwords. - File a complaint on cybercrime.gov.in and at your nearest police station. Related Scams: - UPI PIN reset fraud via SIM swap. - KYC update requests followed by mobile OTP theft.

How This Scam Works — Detailed Explanation

The Mobile Number Swap Account Takeover scam begins with fraudsters conducting reconnaissance on potential victims. They often target individuals with Jan Dhan accounts or those with dormant savings accounts, as these are usually less secured. Scammers might use social engineering tactics on social media platforms like Facebook or WhatsApp to gather personal information, such as phone numbers or bank details. Once they have this information, they create a deceitful strategy to request a duplicate SIM card or persuade unsuspecting telecom employees into activating a new SIM card with the victim’s mobile number. This deceptive act lays the groundwork for further fraudulent activities as the scammer gains access to all the SMS alerts and One-Time Passwords (OTPs) that are crucial for online banking transactions.

Once the fraudster has successfully managed to obtain a duplicate SIM card, they employ psychological tactics that prey on human trust. They will often initiate communication with the victim, posing as a bank representative or a legitimate telecom office. Using urgency, they might state that the account is compromised or that there is an issue requiring immediate verification of details. This communication often includes requests for OTPs or asking the victim to confirm when they receive text messages related to a supposed security check. By doing so, they trick the victims into believing that the transaction is legitimate, making them unwitting accomplices in their own financial demise.

As events unfold, victims face a rapid sequence of distressing actions leading to their loss of funds. Initially, they may experience a sudden loss of mobile network signal, followed by a lack of SMS alerts from their bank, triggering alarm bells. They may receive calls from unknown numbers attempting to extract more personal information or requesting OTPs under various false pretenses. Victims might then receive messages indicating that unusual transactions are occurring, but by this time, significant funds have already been transferred from their accounts, often to various mule accounts. For example, in cases reported, individuals have lost amounts in crores within mere hours after their number was swapped, with banks such as SBI and HDFC struggling to handle the incidents swiftly under RBI’s strict guidelines.

The overall impact of this scam on Indian society has been staggering. Reports indicate that in 2023 alone, ₹85 crore was lost due to Mobile Number Swap Account Takeover frauds. The Ministry of Home Affairs, the Reserve Bank of India, and CERT-In have all reiterated the need for more robust consumer awareness and regulations surrounding such scams. It has become crucial for citizens to stay vigilant and aware of their banking security, especially considering that younger generations rely heavily on digital transactions through platforms like UPI, which have also been targeted extensively by fraudsters using similar methods.

To differentiate between this scam and legitimate communications, it is important to pay attention to the mode and content of messages and calls. Legitimate banks will never ask for sensitive information such as your PIN or OTP via phone calls or unsolicited messages. If you experience an unanticipated loss of network signal followed by calls requesting personal information, it is advisable to be cautious. Always cross-verify with your bank through official channels, such as calling designated helplines like SBI at 1800-11-1109 or HDFC at 1800-202-6161. Keep in mind that genuine requests will also come with identifiable patterns and will not induce undue pressure for immediate action.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Mobile Number Swap Account Takeover Target?

General public across India

Red Flags — How to Identify Mobile Number Swap Account Takeover

Loss of telecom signal out of the blue
Bank SMS alerts stop suddenly
Unknown calls asking for SIM or OTP verification
Requests to share OTP or PIN on calls

What To Do If You Encounter Mobile Number Swap Account Takeover

Report any suspicious activity immediately at the cybercrime helpline 1930 or via cybercrime.gov.in
Contact your bank's helpline to freeze your account if you suspect fraud.
Change all your online banking passwords and enable two-factor authentication.
Notify your telecom service provider regarding any unauthorized SIM swap.
Monitor your bank statements regularly for any unauthorized transactions.
Educate friends and family about this scam to help them stay vigilant.

How to Report Mobile Number Swap Account Takeover in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a UPI scam?: Immediately contact your bank using SBI helpline 1800-11-1109 or HDFC helpline 1800-202-6161. Report the incident to cybercrime at 1930 and change your banking passwords.
How to identify if I am a victim of a Mobile Number Swap Account Takeover?: Look for warning signs such as a sudden loss of signal, not receiving bank messages, or strange calls asking for your OTP or SIM information.
How can I report this type of scam in India?: You can report scams by calling the cybercrime helpline 1930, visiting cybercrime.gov.in, and reporting directly to your bank's fraud department.
What are the recovery steps after falling victim to this scam?: Contact your bank to report the unauthorized transactions, file a complaint with the police, and reach out to cybercrime through 1930 for guidance on next steps.

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.