What to do if I shared my OTP in a UPI scam?

Immediately contact your bank and report the transaction. Use SBI helpline 1800-11-1109 or HDFC 1800-202-6161 to block your account.

How can I identify a SIM swap scam?

Watch for sudden changes in your mobile service or inability to receive calls/texts, which can be signs of a SIM swap.

How do I report this type of scam in India?

Report it to the cybercrime helpline 1930, visit cybercrime.gov.in, and notify your bank about the situation.

What should I do to recover money or protect accounts after this scam?

Contact your bank to inquire about recovery options, secure your accounts with new passwords, and file a complaint with the cybercrime department.

SIM Swap Attacks for UPI and Aadhaar Fraud

Verdict: Suspicious | Risk Score: 7/10 | Severity: high

Category: UPI, Phishing, OTP

How SIM Swap Attacks for UPI and Aadhaar Fraud Works

Overview: SIM swap fraud is a rising threat in India, enabling criminals to take over your mobile number by convincing telecom operators to port your number to a new SIM they control. This allows the scammer to receive all OTPs for UPI, banking, and Aadhaar authentication, leading to swift unauthorized UPI transactions, bank takeovers, and even misuse of your Aadhaar-linked services. This scam is dangerous due to its stealth and speed, leaving victims with drained accounts before realizing anything is wrong. How It Works: Fraudsters collect your personal data via phishing or leaks. Using fake documents or social engineering, they approach a mobile store or telecom agent to issue a replacement SIM card, claiming your number is lost. Once your mobile service is transferred to the scammer-controlled SIM, they initiate password resets, bank logins, UPI registrations, and Aadhaar updates, intercepting all OTPs. Money is quickly siphoned out, or loans taken in your name. India Angle: This scam has been reported across major metro cities (Delhi, Mumbai, Bengaluru) and is now spreading to Tier-2/3 locations, affecting professionals, business owners, and even students. Since UPI and Aadhaar are widely linked to mobile numbers, Indians dependent on mobile banking are particularly vulnerable. Real Examples: After losing network access, an IT professional discovers all his UPI-linked accounts have been emptied. Another scenario: A student in Pune suddenly gets 'SIM inactive' alerts while an unknown device logs into her banking app, draining her balance. Red Flags: - Your phone suddenly loses network signal for an extended period. - Alerts from your bank or UPI app about device changes or new logins. - Receiving OTPs for actions you did not initiate. - Inability to make calls or use mobile internet suddenly, despite bill payments. Protective Measures: - Set up transaction alerts for every bank and UPI action. - Contact your telecom provider the moment you notice unusual network issues. - Use strong, unique passwords for all financial apps. - Enable two-factor authentication for internet banking. - Never share personal or SIM details with unknown callers. If Victimised: - Report immediately to your bank, telecom provider, and 1930 helpline. - Raise a complaint on cybercrime.gov.in for financial recovery and investigation. - Request your bank to freeze all actions/transactions and block future fraud attempts. Related Scams: - Telecom frauds involving fake porting or IMEI spoofing. -

How This Scam Works — Detailed Explanation

SIM swap fraud is becoming increasingly prevalent in India, particularly affecting users of UPI (Unified Payments Interface) and Aadhaar services. Scammers typically begin by gathering personal information about potential victims, which can include details like their name, phone number, and even financial details. They often collect this information through social engineering techniques on platforms like WhatsApp and Facebook. For example, they may pose as customer service agents of telecom providers or trusted banks, requesting confirmation of identity or strange verification processes. This step creates a false trust, making it easier for them to convince victims to grant access to sensitive information.

To execute a SIM swap attack, scammers employ psychological tactics that prey on the vulnerabilities of their targets. One common tactic is known as 'fear-mongering,' where they induce panic by claiming that the victim's account has been compromised. This leads victims to unwittingly provide additional sensitive information such as OTPs (One-Time Passwords) willingly, convinced that they are safeguarding their accounts. Other psychological tricks include urgency—scammers may claim that their account will be frozen unless immediate action is taken, prompting quick responses without due diligence. This technique is especially effective against individuals who may not be tech-savvy or aware of fraud risks.

Once the scammers have successfully convinced the telecom operator to port the victim's number to a new SIM, chaos ensues for the unsuspecting victim. All OTPs for banking transactions, UPI payments, and Aadhaar authentications begin to arrive in the hands of the scammer. Victims often don’t realize anything is amiss until they receive alerts of unauthorized activities or realize that their banking apps and WhatsApp accounts are suddenly inaccessible. For instance, a victim might find that their savings have been drained for retail purchases via UPI transactions within a very short time after the SIM is swapped. Reports indicate that some victims lost over ₹10 crore collectively in just the first half of 2023 due to such attacks.

The impact of SIM swap attacks is significant and growing. According to the Ministry of Home Affairs, the financial cost of these scams continues to rise sharply, and the Reserve Bank of India has noted a concerning uptick in complaints related to UPI fraud linked to this method. Between 2022 and early 2023, reports emerged indicating that scams involving SIM swaps accounted for around ₹300 crore in losses nationwide. CERT-In has also issued advisories urging vigilance as these attacks use the inherent trust many Indians place in their mobile networks—often granted without skepticism. It’s crucial for individuals to understand the potential repercussions of these scams, as they don’t just lead to immediate financial loss but can also have long-term consequences on credit ratings and personal security.

Recognizing the difference between legitimate communications and potential scams is vital to thwarting these attacks. Always check for official communication channels before providing personal information and assume that unsolicited calls or messages asking for sensitive details are likely scams. For instance, if you get a message from a number claiming to be your bank or telecom service asking to verify your identity, contact the official customer service hotline (like SBI 1800-11-1109) to confirm. Legitimate organizations will never ask for sensitive information or OTPs via text or over the phone. Additionally, if you notice any unusual activity on your accounts or unexpected changes in communication methods, investigate immediately, as these are telltale signs of a SIM swap scam in progress.

Visual Intelligence:

BharatSecure's AI has identified this as a used in scams targeting Indian users.

Who Does SIM Swap Attacks for UPI and Aadhaar Fraud Target?

General public across India

What To Do If You Encounter SIM Swap Attacks for UPI and Aadhaar Fraud

Report any suspected SIM swap incidents by calling the 1930 cybercrime helpline or visiting cybercrime.gov.in.
Contact your bank immediately to block any unauthorized transactions on your account.
Reach out to your telecom provider to discuss any recent changes on your SIM or service that you did not authorize.
Change passwords for all account logins that are linked to your phone number, especially banking and UPI apps.
Enable two-factor authentication on your Aadhaar-linked accounts to enhance security.
Keep a record of all communications regarding the incident for future reference or legal purposes.

How to Report SIM Swap Attacks for UPI and Aadhaar Fraud in India

Call 1930 — National Cyber Crime Helpline (24x7)
File a complaint at cybercrime.gov.in
Contact your bank immediately if money was lost
Call RBI helpline: 14440 for banking fraud

Frequently Asked Questions

What to do if I shared my OTP in a UPI scam?: Immediately contact your bank and report the transaction. Use SBI helpline 1800-11-1109 or HDFC 1800-202-6161 to block your account.
How can I identify a SIM swap scam?: Watch for sudden changes in your mobile service or inability to receive calls/texts, which can be signs of a SIM swap.
How do I report this type of scam in India?: Report it to the cybercrime helpline 1930, visit cybercrime.gov.in, and notify your bank about the situation.
What should I do to recover money or protect accounts after this scam?: Contact your bank to inquire about recovery options, secure your accounts with new passwords, and file a complaint with the cybercrime department.

Related Scams in India

Verify Any Suspicious Message

Check any suspicious message, link, or call for free at bharatsecure.app. BharatSecure uses AI to detect scams in real-time and protect Indian users.