Phishing-Enabled Telecom Account Hijack

INDIA — By BharatSecure Threat Intelligence Team

Verdict: Suspicious | Risk Score: 7/10 | Severity: high

Category: UPI, KYC, Phishing

How Phishing-Enabled Telecom Account Hijack Works

Overview: Phishing-enabled SIM swaps are on the rise in India, where scammers use fake calls, SMS, or emails to trick people into providing personal details. The real danger comes when attackers use this information to pass weak KYC checks at a telecom outlet, get control of your mobile number, and then intercept all your OTPs and banking alerts.

How It Works:

  1. You get a message or call claiming to be from your mobile operator, bank, or even a government agency.
  2. The caller asks for verification: your date of birth, address[ADDRESS_REDACTED]t.
  3. If you respond, they now have the data needed to impersonate you at a telecom store or with the company’s customer care.
  4. Scammers request a replacement SIM citing a lost phone, tricking staff into providing a duplicate SIM with your number.
  5. Your mobile service stops, and the scammer receives your calls and SMS—including OTPs for bank and wallet apps, allowing account takeovers.

India Angle: This scam is widespread across all of India, with major telecom providers (Jio, Airtel, Vi) most frequently impersonated. Both rural and urban users are targeted; sometimes, phishing messages are sent in regional languages to seem more trustworthy. Scammers also exploit official-sounding government IDs (like Aadhaar/PAN) for extra credibility, increasing the risk for anyone who responds.

Real Examples:

  • Fake call: “Ma’am, this is from Airtel KYC. To keep your number active, please confirm your birth date and Aadhaar.”
  • SMS: “Due to security update, confirm your SIM registration by sharing OTP sent now. Ignore and your number may be blocked.”
  • “Hello sir, we noticed suspicious activity; help us verify your identity now.”

Red Flags:

  1. Calls or texts asking for sensitive info to prevent suspension of mobile service.
  2. Request for Aadhaar, PAN, or OTP for basic telecom support.
  3. Caller uses urgent or threatening tone regarding account deactivation.
  4. Low-quality grammar, odd greeting or generic message content.

Protective Measures:

  • Never share Aadhaar, PAN, or any OTP over calls or messages to anyone.
  • Only respond to customer support requests via official channels or apps.
  • Always verify the caller’s identity by calling back the official helpline.
  • Educate family members on Indian-style phishing tactics.

If Victimised:

  • Block your SIM and inform telecom operator at once.
  • Alert your bank and freeze digital accounts.
  • Report scam on cybercrime.gov.in and call 1930.
  • Change all account passwords and remove linked phone from accounts.

Related Scams:

  • KYC update frauds targeting bank/mobile wallets
  • Social engineering for UPI theft
  • Loan app scams using identity theft

Protect your identity: India's telecom processes are strong, but your action is key to stopping data-driven scams.

How This Scam Works — Detailed Explanation

Phishing-enabled SIM swap scams are becoming increasingly prevalent in India, targeting unsuspecting individuals through various channels. Scammers often utilize platforms like WhatsApp and even social media to initiate contact. Initially, they may craft messages or initiate calls that appear authentic, allegedly from your mobile operator, bank, or various government agencies. These communications often come with a layer of urgency or fear—the attackers may claim that your account will be blocked or that you're required to verify your identity immediately. They might even assert that this is necessary for you to continue receiving services, preying on your natural desire to avoid disruption.

Once they establish contact, the scammers employ psychological tactics that create a false sense of security. For instance, they might project authority, insisting that they are part of a security team and have identified suspicious activity on your account. To heighten credibility, they often use relevant jargon or industry-specific terms, leading many victims to lower their guard. Additionally, they might threaten immediate consequences, like SIM blocking, if the victim refuses to comply. This manipulation typically leads individuals to disclose sensitive information about their personal identity—such as Aadhaar numbers or even UPI PINs—believing this information is needed for verification purposes.

After falling into the trap, victims may experience a series of disturbing events. A typical scenario might unfold like this: after sharing personal information with the scammer, the criminal uses it to pass minimal KYC checks at a nearby telecom outlet. Once a SIM swap is performed, the victim’s mobile number is redirected to the scammer's SIM card. This gives the attacker control over the victim's phone number, allowing them to intercept SMS messages and OTPs for various financial transactions. In one notable case in Maharashtra, a business owner lost ₹50 lakh when their number was hijacked, leading to unauthorized UPI transfers to various accounts. Reports indicate multiple such incidents across states, straining families and businesses and causing immense financial and emotional distress.

The real-world impact of these scams is staggering. According to recent statistics, India loses over ₹2,500 crore annually due to telecom and banking-related frauds, and phishing scams like SIM swaps account for a sizeable chunk. The Ministry of Home Affairs, along with the Reserve Bank of India and CERT-In, has raised alerts, indicating a growing number of complaints related to this form of cybercrime. Many victims are left with no means to reclaim their lost funds, as the recovery process is lengthy and cumbersome. The emotional toll can also be devastating, leaving individuals feeling vulnerable and violated, questioning their trust in digital services.

To distinguish scams from legitimate communications, watch for several red flags. If a call or message requests KYC details for something that would not routinely require them, it is likely a scam. Be suspicious of requests for sensitive data such as Aadhaar or PAN details in exchange for service continuity. A legitimate operator should never threaten you with immediate SIM blocking or ask for OTPs during a support contact you did not initiate. Verify any such communication by contacting the official number yourself, so that urgency does not push you into dealing with an impersonator.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does Phishing-Enabled Telecom Account Hijack Target?

General public across India

Red Flags — How to Identify Phishing-Enabled Telecom Account Hijack

  • Calls/SMS demanding KYC in exchange for service continuity
  • Requests for Aadhaar or PAN for routine telecom help
  • Threats of immediate SIM blocking if requirements are not met
  • OTP requests from 'support staff' you didn’t contact
  • Language or urgency that feels off or alarming
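
The red flags above can be turned into a first-pass triage rule set for reported messages. The following is an added example, not BharatSecure's detection code: the rule names, regular expressions and the two-flag threshold are assumptions, the first three samples are the messages quoted on this page, and the fourth is a constructed benign OTP notice included to show that a "never share your OTP" warning must not trigger the OTP rule.

```python
import re

# One pattern per red flag listed above (patterns are illustrative assumptions).
RULES = {
    "kyc_for_continuity": re.compile(
        r"\b(kyc|sim registration)\b.*\b(active|blocked|suspend\w*|deactivat\w*)\b"),
    "id_document_request": re.compile(
        r"\b(confirm|share|send|provide|verify)\b[^.]*\b(aadhaar|pan)\b"),
    "blocking_threat": re.compile(
        r"\b(number|sim|service|account)\b[^.]*"
        r"\b(blocked|suspended|deactivated|disconnected)\b"),
    # Lookbehinds skip legitimate "never/do not share your OTP" warnings.
    "otp_request": re.compile(
        r"(?<!not )(?<!never )(?<!don't )"
        r"\b(shar\w*|send\w*|tell|provid\w*|giv\w*)\b[^.]*\botp\b"),
    "alarm_or_urgency": re.compile(
        r"\b(now|immediately|urgent\w*|at once|suspicious activity)\b"),
}

def red_flags(message: str) -> list[str]:
    """Return the names of the rules a message trips, in RULES order."""
    text = message.lower().replace("\u2019", "'")  # normalise curly apostrophes
    return [name for name, rx in RULES.items() if rx.search(text)]

def verdict(message: str) -> str:
    """Assumed threshold: two or more flags is a likely scam, one is caution."""
    n = len(red_flags(message))
    return "likely scam" if n >= 2 else "caution" if n == 1 else "no flags"

SAMPLES = [
    # Quoted on this page:
    "Ma'am, this is from Airtel KYC. To keep your number active, "
    "please confirm your birth date and Aadhaar.",
    "Due to security update, confirm your SIM registration by sharing OTP "
    "sent now. Ignore and your number may be blocked.",
    "Hello sir, we noticed suspicious activity; help us verify your identity now.",
    # Constructed benign message:
    "482913 is your OTP for login. Never share your OTP with anyone.",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(f"{verdict(msg):12} {red_flags(msg)}  <- {msg[:50]}")
```

The third sample trips only one rule, which shows the limit of keyword matching: a vague "verify your identity" lure still needs the call-back verification described in this article.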

What To Do If You Encounter Phishing-Enabled Telecom Account Hijack

  1. Immediately report the incident to the cybercrime helpline at 1930.
  2. Secure your Aadhaar by updating your credentials at uidai.gov.in.
  3. Call your bank helpline, such as SBI at 1800-11-1109 or HDFC at 1800-202-6161, to report the ongoing fraud.
  4. Change your passwords for UPI and online banking accounts promptly.
  5. Consider blocking your SIM temporarily and informing your telecom provider about the breach.
  6. Monitor your bank statements regularly for any unauthorized transactions.

How to Report Phishing-Enabled Telecom Account Hijack in India

  • Call 1930 — National Cyber Crime Helpline (24x7)
  • File a complaint at cybercrime.gov.in
  • Contact your bank immediately if money was lost
  • Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a UPI scam?
Immediately change your UPI PIN and contact your bank's fraud line to report the incident. They can provide assistance and monitor for unauthorized transactions.

How can I identify phishing attempts in telecom communications?
Look for urgent requests for KYC details, threats of immediate action, or unsolicited calls claiming to be from legitimate entities. Always verify before acting.

How to report this type of scam in India?
You can report scams by dialing 1930 or visiting cybercrime.gov.in. Additionally, contact your bank to secure your accounts.

How can I recover money or protect accounts after this scam?
Contact your bank immediately to freeze your accounts, and file a report with the cybercrime helpline at 1930 to begin recovery processes.
