Phishing-to-SIM Swap Attack
Verdict: Suspicious | Risk Score: 9/10 | Severity: critical
Category: UPI, WhatsApp, KYC
How Phishing-to-SIM Swap Attack Works
Overview: The Phishing-to-SIM Swap Attack is a growing scam where fraudsters first collect personal details through fake SMS or emails posing as your bank. After fishing out sensitive information like Aadhaar or PAN, they trick your mobile provider (Airtel, Jio, Vi, etc.) into transferring your mobile number onto a new SIM card they control. This allows them to intercept your OTPs and access your banking and UPI apps, leading to severe financial losses. Anyone using a smartphone for digital payments, especially urban adults who bank online, is at risk. This scam is dangerous because it bypasses normal two-factor protections, putting your money and data at immediate risk. How It Works: 1. You receive a realistic SMS or email pretending to be from a trusted bank or mobile provider, warning about some urgent KYC or account issue. 2. A link asks you to fill a form with personal and financial details (Aadhaar, PAN, etc.). Alternatively, they pressure you to share details in a phone call. 3. Using this info, fraudsters contact your telecom operator and request a SIM swap, pretending you lost your phone. 4. The mobile operator issues a new SIM to the scammer, turning off your actual service. 5. The fraudsters now receive your calls and SMS, including OTPs for your banking/UPI apps. 6. They quickly log in to your financial accounts or UPI, verify via intercepted OTPs, and transfer out your funds. India Angle: In India, this scam is tailored for major mobile providers like Airtel and Jio, who allow SIM upgrade and porting via in-store requests or customer helplines. Most victims are from urban regions where digital banking is common. Scammers mimic official SMS or create WhatsApp chat profiles resembling banks/providers. They often exploit popular online payment tools like UPI, Paytm, and netbanking, which rely heavily on SMS-based OTPs. Real Examples: - "Dear customer, your Axis Bank account will be suspended. Please update your KYC immediately: [fraudulent link]" - "This is Airtel customer care. We detected unusual activity. To confirm your identity, please tell us your Aadhaar and mobile number." - An SMS from a number similar to '121' (official Airtel code), requesting you to call back urgently for SIM verification. Red Flags: - Unsolicited requests for Aadhaar, PAN, or bank details via SMS, email, or WhatsApp. - Calls or messages claiming to be from customer care, asking for urgent KYC updates. - Messages mimicking official bank or telecom numbers, but with small variations. - Sudden loss of mobile signal without physical disruption. - Persistent pressure to share OTPs or complete verification forms quickly. Protective Measures: - Never share your Aadhaar, PAN, or OTPs with anyone over phone or message. - Use app-based authentication (Google Authenticator) instead of SMS OTPs wherever possible. - Register for eSIM if supported by your provider; eSIM is harder to duplicate. - Place a SIM PIN lock on your device to prevent unauthorized use if lost. - Regularly monitor your SMS alerts and bank notifications for unusual requests or logins. If Victimised: - Contact your telecom provider to block your SIM immediately. - Report the fraud at 1930 (Cybercrime Helpline) and cybercrime.gov.in. - Inform your bank and reset your mobile banking credentials. Related Scams: - SIM Swap via fake remote support apps, where malware steals your credentials. - Phishing for KYC using QR codes instead of links. - Account takeover using stolen ID proofs from social media leaks.
Visual Intelligence:
BharatSecure's AI has identified this as a used in scams targeting Indian users.
Who Does Phishing-to-SIM Swap Attack Target?
General public across India
Red Flags — How to Identify Phishing-to-SIM Swap Attack
- Urgent SMS or calls mimicking bank or telecom company for KYC/verification
- Requests for personal details (Aadhaar, PAN) via message or email
- Calls from numbers resembling official support lines (e.g., '121', '199')
- Unexplained loss of mobile network signal
- Pressure to share OTPs or fill forms immediately
What To Do If You Encounter Phishing-to-SIM Swap Attack
- Do not click any links or share personal information
- Block and report the sender immediately
- Report at cybercrime.gov.in or call 1930
- Inform your bank if financial details were shared
How to Report Phishing-to-SIM Swap Attack in India
- Call 1930 — National Cyber Crime Helpline (24x7)
- File a complaint at cybercrime.gov.in
- Contact your bank immediately if money was lost
- Call RBI helpline: 14440 for banking fraud
Frequently Asked Questions
- What is Phishing-to-SIM Swap Attack?
- Overview: The Phishing-to-SIM Swap Attack is a growing scam where fraudsters first collect personal details through fake SMS or emails posing as your bank. After fishing out sensitive information like Aadhaar or PAN, they trick your mobile provider (Airtel, Jio, Vi, etc.) into transferring your mobile number onto a new SIM card they control. This allows them to intercept your OTPs and access your banking and UPI apps, leading to severe financial losses. Anyone using a smartphone for digital paym
- How does Phishing-to-SIM Swap Attack work?
- Overview: The Phishing-to-SIM Swap Attack is a growing scam where fraudsters first collect personal details through fake SMS or emails posing as your bank. After fishing out sensitive information like Aadhaar or PAN, they trick your mobile provider (Airtel, Jio, Vi, etc.) into transferring your mobile number onto a new SIM card they control. This allows them to intercept your OTPs and access your
- How to protect yourself from Phishing-to-SIM Swap Attack?
- Do not click any links or share personal information Block and report the sender immediately Report at cybercrime.gov.in or call 1930 Inform your bank if financial details were shared
- How to report Phishing-to-SIM Swap Attack in India?
- Report to cybercrime.gov.in or call 1930 (National Cyber Crime Helpline). You can also contact your local police station's cyber cell.
Verify Any Suspicious Message
Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.