OTP Capture During Fake eSIM Process

How OTP Capture During Fake eSIM Process Works

Overview: A rising cybercrime in India involves scammers calling Airtel subscribers and guiding them through a seemingly legitimate eSIM conversion process. Under the pretext of facilitating a quick eSIM upgrade or required KYC update, these fraudsters prompt users to submit eSIM requests and then coax them into disclosing the received OTP. The scam's true danger lies in the fact that once a scammer captures this OTP, they can gain total control over the victim's SIM, enabling them to perform unauthorized high-value transactions and intercept sensitive banking credentials. How It Works: 1. The victim receives a call from a scammer posing as an Airtel executive, claiming the need for an urgent eSIM conversion or KYC compliance. 2. The caller directs the user to initiate a request for eSIM change, often by performing steps in their phone's settings or via SMS. 3. The victim is told an OTP will be sent by Airtel to their phone for security. The scammer insists the victim must share this OTP immediately to complete the process. 4. Upon sharing the OTP, the scammer finalizes the SIM swap, now controlling the phone number on their own device. 5. The attacker accesses SMS-based authentication, UPI confirmation codes, and may attempt to reset passwords of banking and social media apps. 6. In one instance, a victim lost more than ₹11 lakh within minutes of disclosure. India Angle: Scammers exploit the popularity of digital payments and the trust Indians place in telecom brands. They mostly target customers in urban centres but victims are now reported from Tier-2 and Tier-3 towns as well. Various languages—from Hindi and English to Tamil, Bengali, and Telugu—are employed to create urgency and trust. WhatsApp, regular calls, and SMS are common channels for these attacks. Real Examples: - A victim receives: "Dear customer, this is Airtel support. Please share the OTP just received so we can activate your eSIM." - WhatsApp: "eSIM conversion pending, last KYC alert! Kindly verify OTP so your number remains active." - SMS: "Your number will be blocked unless you provide the code immediately." Red Flags: 1. Caller guides you to initiate eSIM/KYC without you having requested it 2. Demand for sharing OTP, EID, or personal details 3. Instructions to avoid using the Airtel Thanks app or to skip company protocols 4. Intense push to respond within minutes Protective Measures: - Never share OTPs or verification codes on a phone call. Only use codes within official apps or when you have independently initiated a process. - Always verify if a SIM change request was truly needed; check the Airtel Thanks app or contact customer care directly. - Stay alert to unsolicited requests for any sensitive information, regardless of caller claims. - Enable strong passwords and multi-factor authentication on financial accounts. If Victimised: - Block your SIM/eSIM by contacting Airtel immediately. - Notify your bank and update passwords for all critical digital services connected to your mobile number. - Lodge a report through the cybercrime portal or helpline 1930, and retain all communication records as evidence. Related Scams: - UPI OTP-luring scams - Bank account hijack via fake customer care calls - SIM swap with fraudulent porting requests

How This Scam Works — Detailed Explanation

Scammers are using sophisticated tactics to target Airtel subscribers in India, orchestrating a scam disguised as the legitimate eSIM conversion process. Typically, they obtain the contact details of potential victims through various illicit means, like data breaches or by purchasing personal information from the dark web. Once they have a target in mind, the fraudsters make unsolicited phone calls presenting themselves as customer service representatives from Airtel. These calls usually originate from numbers that might seem legitimate at first glance, which can mislead the victims into trusting the caller. The scammers use intimidation and urgency as their primary tools, ensuring that the victim feels compelled to act without consulting official sources or verifying the call’s authenticity. With the popularity of UPI transactions and the reliance on mobile lines for banking in India, they exploit this dependency by enticing users with the prospect of a hassle-free eSIM upgrade, convincing them it’s essential for continued service access.

The scammers employ specific psychological tactics to ensure compliance from the victims. They often create a sense of urgency by claiming that the eSIM conversion is crucial to avoid service disruption, making the victim feel anxious and pressured into complying without thinking rationally. By presenting themselves as representatives tasked with enhancing user experience — framing themselves as helpful guides in the KYC upgrade process — they lower defenses. During the call, they might instruct the victim to take specific actions on their phone and ask for sensitive information, including One-Time Passwords (OTPs) received via SMS, claiming it is a necessary step to complete the eSIM setup. The use of terms related to KYC processes makes the scammers’ intentions seem more credible and less suspicious, allowing them to manipulate the circumstances to their advantage.

Once the victim has shared their OTP, the consequences unfold rapidly. The scammer gains access not just to the victim’s SIM card but can also conduct unauthorized transactions, often through UPI, draining bank accounts linked to the mobile number. For instance, in a recent case reported in Madhya Pradesh, scammers allegedly stole over ₹2 crore through multiple victims within weeks after successfully obtaining the OTP. Once they have control over the SIM, they can change settings, divert calls, and even reset banking app passwords, leading the victim to a financial abyss. Victims find themselves hysterical upon realizing their accounts have been emptied, and their personal information is compromised, leaving them vulnerable to further scams and financial insecurity.

The impact of such scams in the Indian landscape is grave. With various reports indicating that in 2022 alone, ₹1,700 crore was lost by Indians in cyber-related scams — many involving SIM-swapping and OTP phishing — it's crucial for users to understand the ramifications. Reports from the Ministry of Home Affairs (MHA), Reserve Bank of India (RBI), and advisories from the Computer Emergency Response Team of India (CERT-In) emphasize the need for caution but often fall on deaf ears. Many victims remain unaware of how to safeguard themselves and often hesitate to report, fearing further victimization or financial loss. The pervasive nature of these scams illustrates the urgent need for increased awareness and education surrounding cybersecurity practices, particularly concerning personal digital security in the realm of banking and telecom communication.

To distinguish between genuine communications from service providers and malicious attempts, users must be vigilant. Legitimate calls will never request sensitive information, such as OTPs, especially during unsolicited calls. Genuine representatives will ask you to verify any changes by contacting service numbers directly or using secured applications instead of providing information over the phone. Users should remember that if they receive a call urging them to act immediately or bypass standard service channels, this is a significant indicator that they are dealing with a scammer. Always consult the official channels of your service provider for confirmations and remain skeptical of any demands that feel rushed. These preventive measures are vital to safeguarding personal information against rampant cyber fraud, particularly in regards to critical financial matters like UPI transactions and linked mobile services.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does OTP Capture During Fake eSIM Process Target?

General public across India

Red Flags — How to Identify OTP Capture During Fake eSIM Process

• Asked to share OTP during unsolicited call
• Caller claims to speed up KYC/eSIM process
• Pressure to act before confirming through app
• Instructions to bypass standard company channels

What To Do If You Encounter OTP Capture During Fake eSIM Process

1. Report the incident to the cybercrime helpline by dialing 1930 or visiting cybercrime.gov.in.
2. Immediately contact your bank’s helpline (SBI 1800-11-1109 or HDFC 1800-202-6161) to secure your accounts.
3. Change your phone number's associated banking credentials and enable additional security features, such as two-factor authentication.
4. Alert your mobile service provider about the fraudulent activity to prevent any future attempts.
5. Monitor your bank statements for suspicious transactions and report them promptly.
6. Raising awareness within your circle can help others avoid falling victim to the same scam.

How to Report OTP Capture During Fake eSIM Process in India

• Call 1930 — National Cyber Crime Helpline (24x7)
• File a complaint at cybercrime.gov.in
• Contact your bank immediately if money was lost
• Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a UPI scam?

Immediately report the scam to your bank (call SBI at 1800-11-1109 or HDFC at 1800-202-6161), and inform the cybercrime helpline at 1930. Monitor your accounts for unauthorized transactions.

How can I identify this specific eSIM scam?

Be wary of calls asking you to share OTPs for eSIM processes, especially if the call is unsolicited. Legitimate service providers will never ask for sensitive information directly over the phone.

How do I report this type of scam in India?

Report it to the cybercrime helpline at 1930 and file a complaint on cybercrime.gov.in. Additionally, contact your bank immediately to report any financial losses.

What are the steps to recover money or protect accounts after this scam?

Immediately secure your accounts by changing passwords and contacting your bank to monitor and freeze accounts if necessary. Report the scam to authorities and stay updated on the case.

Related Scams in India

• 'PrintSteal' Operation - Fake KYC Document Generation
• AI Deepfake CEO Fraud (BEC Scam)
• AI Deepfake Executive Authorization Scam
• AI Deepfake Voice Payroll Fraud
• AI Voice Clone Urgent Money Transfer Scam (General)

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.