SIM Swap Fraud India: How Scammers Steal Your Phone Number and Empty Your Bank

No Service on the phone. A Rs 45,000 transaction alert from the bank. This is what SIM swap fraud looks like at the moment it happens.

SIM swap fraud is among the most dangerous cybercrime techniques active in India today because it neutralises the one security layer that virtually every bank, UPI app, and online service relies on: the SMS OTP sent to your registered mobile number. When a scammer successfully ports your phone number to their SIM card, every OTP your bank sends goes directly to them instead of you.

You discover the fraud not through a suspicious message or a phishing link, but through absence: your phone loses signal entirely. By the time you realise what has happened and why, the scammer may already have initiated multiple transactions using OTPs you never received. This guide explains how SIM swap fraud works in India, how to detect it in real time, and the exact steps to take in the first ten minutes if it is happening to you right now.

What Is SIM Swap Fraud and Why India Is Highly Vulnerable

SIM swap fraud, also called SIM porting fraud or SIM card fraud, is a technique in which a scammer obtains a new SIM card issued to your existing mobile number by impersonating you at a telecom retailer or service centre. Once the new SIM is activated, your original SIM is deactivated. All calls, SMS messages, and OTPs that should reach you now go to the scammer.

India's vulnerability to this attack is structural. SMS-based OTP is the dominant two-factor authentication method for Indian banking and UPI, unlike more secure alternatives such as app-based authenticators or hardware tokens. This means that gaining control of someone's phone number is functionally equivalent to gaining access to their entire financial life: bank accounts, UPI IDs, email accounts, and every app that sends OTPs via SMS.

India also has one of the world's largest databases of citizen personal information, much of which has been exposed through data breaches over the past several years. The personal details required to perform a SIM swap at a retailer (name, Aadhaar number, registered address) are often available to scammers through data breach marketplaces at negligible cost. See our guide on the Aadhaar data breach and what it means for your security for the full picture of how this personal data is being exploited.

How SIM Swap Fraud Works: Step by Step

The four stages of a SIM swap attack: data collection, fraudulent SIM port, signal loss, and bank drain.

Step 1: Gathering Your Personal Information

Before any SIM swap attempt, the scammer needs enough personal information to convincingly impersonate you at a telecom retailer. The minimum required is typically your full name, your Aadhaar number, your registered address, and the last four digits of the SIM you want to replace. This information is collected through several channels:

• Data breach databases. Large-scale breaches of Indian government portals, e-commerce platforms, and financial institutions have exposed hundreds of millions of records. Your full name, Aadhaar number, phone number, and address may already be available in compiled breach files sold on dark web marketplaces.
• Phishing calls posing as telecom customer care. A scammer calls claiming to be from Jio, Airtel, or Vi, saying your SIM needs an upgrade for 5G compatibility or your account requires KYC verification. You are asked to confirm your Aadhaar number, address, and date of birth to "verify your identity."
• Social media and public profiles. Address, date of birth, and workplace details shared publicly on social media provide supplementary information that fills gaps in breach data.

Step 2: The Fraudulent SIM Request

Armed with your personal details, the scammer visits a telecom retailer or franchise outlet in a city far from your registered address, reducing the chance of any local verification. They present falsified documents or the verbal information required to pass retailer identity checks, and request a replacement SIM for your number citing a lost or damaged SIM.

Telecom retailer verification standards in India vary significantly. Urban flagship stores apply more rigorous checks, while smaller franchise retailers in semi-urban areas may rely primarily on verbal information matching. TRAI regulations require a 24-hour cooling period and OTP confirmation for porting requests, but these protections can be bypassed when the request is processed as a simple SIM replacement rather than a port.

Step 3: Your Phone Loses Signal

The moment the fraudulent SIM is activated at the retailer, your original SIM is automatically deactivated by the network. Your phone shows "No Service" or "Emergency Calls Only" regardless of your location. This is the moment the fraud becomes active and the critical window opens.

The signal loss often happens during the day when banks are open and transactions can be processed. Scammers time the SIM swap to coincide with banking hours specifically because UPI transactions and NEFT transfers require OTP confirmation that they can now intercept immediately. The average time between signal loss and first fraudulent transaction is under 15 minutes in documented cases.

Step 4: The OTP Harvest and Bank Drain

With your number now active on their device, the scammer proceeds to log into your banking apps and UPI services using credentials they have previously obtained through phishing or credential stuffing. Every OTP required to confirm transactions, reset passwords, or bypass security checks now arrives on their device instead of yours.

The scammer moves through your accounts systematically: UPI transfers, NEFT to external accounts, and if email access is recovered, reset of further accounts. The average SIM swap session in India lasts between 20 and 40 minutes before the victim manages to report the signal loss. In that window, documented losses range from Rs 50,000 to over Rs 30 lakh. For context on how UPI fraud works alongside SIM swap techniques, see our UPI scam guide.

Your Phone Just Lost Signal: Is It SIM Swap?

Not every signal loss is SIM swap fraud. Towers go down, phones develop hardware faults, and account suspensions can also cut service. The distinguishing factor is context: if you lose signal suddenly in an area where you normally have strong coverage, you cannot restore it by toggling airplane mode or restarting, and you begin receiving alerts on other devices about unrecognised transactions, treat it as a SIM swap until your telecom operator confirms otherwise.

How Scammers Get Your Personal Information for SIM Swap

The data collection stage is often the longest part of a SIM swap operation, sometimes spanning weeks or months before the actual port attempt. Understanding the collection methods helps you identify and block them before your information is complete enough to be actionable.

The Telecom Impersonation Call

The most common information collection method in India is a phone call from a number appearing to belong to Jio, Airtel, or another operator. The caller says your SIM is being upgraded, your KYC is expired, or your number will be deactivated in 24 hours unless you verify your details. You are asked to confirm your Aadhaar number, your registered address, and sometimes the last four digits of your current SIM. Providing any of these fills the scammer's profile for your number.

Legitimate telecom customer care never calls you to request Aadhaar number confirmation over a cold call. If you receive such a call, hang up and call your operator back on the official helpline number. Check any suspicious caller number at rakshaai.co/phone-number-checker before sharing any information.

Data Breaches and Phishing

Aadhaar details, registered addresses, and mobile numbers linked to financial accounts are available in several large breach datasets that have emerged from Indian government and private sector incidents since 2022. A scammer who purchases or downloads one of these datasets may already have the core information needed to attempt a SIM swap on thousands of numbers simultaneously, testing those for which the retailer verification succeeds.

Phishing SMS messages designed to look like bank alerts or delivery notifications also harvest the personal details that supplement breach data. See our guide on how to identify fake websites and phishing links to understand how this data collection pipeline operates.

How to Protect Yourself from SIM Swap Fraud

Five steps that significantly reduce your exposure to SIM swap fraud. Each one closes a different entry point.

1. Set a SIM lock PIN with your telecom operator. Call your operator's customer care and request a SIM lock or SIM change PIN. This PIN must be presented at any retailer attempting to issue a replacement SIM for your number. A scammer who does not know this PIN cannot complete the swap, regardless of what other personal information they have. This is the single most effective protection available to Indian mobile users. Jio customers can set this at Jio.com under account settings. Airtel customers can request it via 121.
2. Enable SIM change OTP authentication. Jio and Airtel both offer an additional security layer where any SIM change request triggers an OTP to your existing SIM before the change is processed. Enable this through your operator's app or by calling customer care. With this active, a scammer cannot port your number without first having access to your current SIM — a circular dependency that effectively blocks the attack.
3. Lock your Aadhaar biometrics. Visit myaadhaar.uidai.gov.in and lock your biometric authentication. This prevents your Aadhaar from being used for physical verification at retailers without your explicit unlock. Locking biometrics does not affect your Aadhaar's use for digital verification via the official app, but it closes the physical impersonation route that SIM swap fraud depends on.
4. Use email-based 2FA for banking where possible, not SMS only. Where your bank offers an authenticator app (Google Authenticator, Microsoft Authenticator) or email-based OTP as an alternative to SMS, activate it. This means that even if a SIM swap succeeds, the scammer cannot complete transactions that require a non-SMS second factor. Check your bank's security settings to see what alternatives are available.
5. Never share personal details with unverified telecom callers. Any unsolicited call requesting your Aadhaar number, registered address, SIM serial number, or OTP in the context of a SIM upgrade or KYC update is a data collection call for a SIM swap attempt. Hang up and call your operator back on the official number to verify whether any action is actually needed.

If You Are Being SIM Swapped Right Now: Act in 10 Minutes

Five actions to complete in 10 minutes. Every minute the scammer has your number active is a minute they can drain accounts.

1. Call your telecom operator immediately from another phone. Borrow a phone from anyone near you. Call the helpline for your operator: Jio on 198, Airtel on 121, Vi on 199, or BSNL on 1800-180-1503. Tell them your number has been SIM swapped without your authorisation and request immediate deactivation of the fraudulent SIM. Request that your original SIM be reactivated on priority. Operators have an emergency protocol for this and can act within minutes of your call.
2. Call your bank and freeze everything. Use the bank's official helpline (printed on the back of your debit card or in your passbook) to report the fraud in real time. Ask them to freeze all UPI transactions, internet banking, and outgoing transfers on your account immediately. If you have multiple bank accounts linked to the same number, call each bank. Even a partial freeze prevents further loss on those accounts.
3. Change your email password from a different device. Your email is the master key to password resets across all your accounts. If the scammer has your number, they can request password resets for your email via SMS OTP. Getting into your email from a device that is not your primary phone (a laptop, tablet, or borrowed device) and changing the password immediately closes this route before they can use it.
4. Check your bank statements for unauthorised transactions. Log into your net banking from a laptop or another phone on Wi-Fi. Note every transaction that has occurred in the past 30 to 60 minutes. These records are essential for your cybercrime complaint and bank dispute. Screenshot everything.
5. Call 1930 and file at cybercrime.gov.in. Call 1930 while the fraud is in progress. The helpline can initiate real-time account freeze requests across multiple banks simultaneously and escalate to the NPCI fraud team. File a formal complaint at cybercrime.gov.in with all transaction details as soon as you have them. For the full post-fraud recovery guide, see our article on what to do immediately after being scammed online in India.

Frequently Asked Questions

How do I know if I am a victim of SIM swap fraud in India?

The main sign is your phone suddenly losing all signal while you are in an area where you normally have coverage. You may also receive an SMS saying your SIM has been activated on a new device, or find that your UPI or banking apps stop working because OTPs are now going to the scammer's device.

How do scammers get personal information for SIM swap in India?

They obtain your details from data breaches, phishing attacks, social media, or by posing as telecom customer care over the phone. With your name, Aadhaar number, and registered address, which are often available from data breaches, they can impersonate you at a telecom retailer. See our guide on the Aadhaar data breach for detail on how this information is exposed and exploited.

Can I prevent SIM swap fraud in India?

Yes. Set a SIM lock PIN with your telecom operator, enable additional OTP authentication for SIM change requests (Jio and Airtel both offer this), and never share personal details on unverified calls claiming to be from your telecom company. Locking your Aadhaar biometrics at myaadhaar.uidai.gov.in adds further protection.

Which Indian telecom operators have SIM swap protection?

All major operators including Jio, Airtel, BSNL, and Vi offer a waiting period and verification for SIM change requests. TRAI mandates a 24-hour cooling period and OTP verification for same-operator porting. Setting a SIM PIN adds a second layer of protection beyond what the operator applies by default.

How much money can scammers steal in a SIM swap in India?

All accounts linked to your mobile number are at risk: UPI, internet banking, email, and any app that uses SMS OTP for authentication. Documented SIM swap cases in India show losses ranging from Rs 50,000 to over Rs 30 lakh in a single incident, depending on the balances accessible across linked accounts.

Final Thoughts

SIM swap fraud is uniquely dangerous because it bypasses the security layer most Indians rely on without any action from the victim. You do not need to click a link, share a password, or respond to a suspicious message. The fraud happens at a telecom retailer far from you, and your only warning is a phone that stops working.

The good news is that the attack has a specific and identifiable warning signal (sudden unexplained signal loss) and a narrow time window that makes rapid response effective. The five actions in this guide, completed within 10 minutes of signal loss, give you the best possible chance of stopping the fraud mid-operation and beginning the recovery process.

Act on the prevention steps today, before signal loss ever happens. Setting a SIM lock PIN with your operator takes less than 5 minutes on a customer care call and closes the primary attack vector entirely. Share this article with your family, particularly older family members who may not recognise the warning sign when their phone goes quiet.