SIM Swap Scam in India 2026: How to Spot and Stop It

A SIM swap scam is when a fraudster gets your phone number activated on their SIM card. Your phone goes dead. Every OTP, every call, every SMS your bank sends now goes to them. Within an hour they can reset your net banking password, drain your UPI, log into your email, and lock you out of your own life. The two routes in India are fake porting requests across telcos (MNP fraud) and duplicate SIM issuance from a telecom retail outlet, often with insider help. TRAI’s July 2024 rule added a 7-day cooling period on port-out after a SIM swap, which closed the easiest version of the attack, but the threat is still live. If your phone suddenly loses signal and stays dead in a place you usually have coverage, treat it as an attack until proven otherwise. Call your telco from a different phone, freeze your bank accounts, and call 1930.

Who this is for

Anyone in India whose phone number is linked to a bank account, UPI app, email login, or social media account. That is basically every adult in the country. The most targeted profiles in 2026: high-net-worth individuals with public LinkedIn profiles, founders and senior executives whose bank account size is inferable from public funding announcements, business owners whose number is publicly displayed for customer contact, NRIs maintaining Indian bank accounts, and senior citizens whose family details and address are findable on social media. This guide is also for parents, partners, and siblings who manage finances for elderly family members.

What a SIM swap actually does

Your phone number is the master key to almost everything financial in India. Bank login OTPs, UPI registration, net banking 2FA, email password reset, GPay, PhonePe, Paytm, social media recovery, even your Aadhaar-linked services. If a scammer controls your number, they control the OTP, and the OTP unlocks almost everything else.

When a SIM swap goes through, your original SIM stops working within minutes. The phone shows ‘no service’ or ‘SIM not provisioned’ or ‘emergency calls only’. The new SIM in the attacker’s phone immediately picks up your number. Every SMS, call, and OTP routes to them. They then run a fast sequence:

1. Reset net banking password using the SMS OTP they now receive
2. Add new beneficiaries to your bank account (some banks impose a cooling period here; not all do)
3. Initiate transfers via NEFT, RTGS, IMPS, or UPI
4. Reset email passwords to take over your Google or Apple account
5. Lock you out by changing 2FA settings everywhere they can

In the most aggressive cases the entire chain runs in 30 to 60 minutes. By the time you walk to a telco store, the money has already moved and layered through mule accounts.

The Reserve Bank of India has flagged SIM swap as one of the dominant account takeover vectors in its annual cyber fraud reporting. CERT-In has issued advisories on SIM swap protection. TRAI has updated mobile number portability rules (TRAI MNP amendment 2024) specifically to slow down the attack. Industry awareness has improved. The attack itself has not gone away.

The two routes scammers use

Route 1: MNP port-out fraud

Mobile Number Portability lets you move your number from one telco to another while keeping the same number. It is a real, useful consumer right. It is also a known attack vector.

The fraud version: the scammer files a porting request to move your number from Airtel to Jio (or any other telco combination) using a forged ID, a UPC (unique porting code) they have somehow obtained, and your basic details. If approved, your number leaves your current SIM and lands on a SIM the scammer holds. TRAI’s July 2024 amendment introduced a 7-day waiting period after any SIM swap before port-out can be processed, which has reduced this attack. It still works on patient attackers.

Route 2: Duplicate SIM fraud within the same telco

The more common path now. The scammer walks into a telecom retail outlet, sometimes with insider collusion, sometimes by social engineering the agent with your stolen ID copy and address proof. They request a duplicate SIM for your existing number, citing ‘lost phone’ or ‘damaged SIM’. The agent issues a new SIM on your number. Your original SIM is deactivated. The new one is active in the scammer’s phone.

This route is harder for TRAI’s port-out rule to address, because the swap stays within the same telco. The defence here is telco-side identity verification rigour and your own monitoring. Several arrests in 2024 and 2025 in Mumbai, Hyderabad, Bengaluru, and Delhi have involved telecom retail operators or distributors selling duplicate SIMs to fraud rings.

The simpler social engineering variant: scammer calls you claiming to be an Airtel or Jio or Vi representative, says your SIM needs an upgrade to 5G or a KYC re-verification, and walks you through a sequence that ends with your existing SIM going offline. Either you handed over a UPC in the call, or you accepted a SIM swap, or you visited a retail outlet under their direction. Same end state.

Publicly reported Indian SIM swap cases

Carrying real cases from mainstream press to underline that this is not an abstract risk and that the loss numbers are significant.

Delhi, 2020 onwards (sustained pattern). Delhi Police’s cyber cell flagged a sharp rise in SIM swap complaints with average losses per victim in the lakhs of rupees, traced to a mix of MNP fraud and duplicate SIM issuance. The Special Cell arrested multiple suspects across 2024 (Indian Express coverage of Delhi cyber arrests).

Mumbai, 2024. Maharashtra cyber department reported a businessman lost more than INR 1 crore after his number was swapped overnight. The fraud was detected only when he tried to use his phone the next morning (Hindustan Times Mumbai cyber reporting).

Hyderabad, 2024 to 2025. Telangana cyber crime wing arrested a ring that included a telecom retail employee accused of issuing duplicate SIMs in exchange for a fee per swap (Telangana Today coverage of cyber arrests).

Bengaluru, 2025. A startup founder reported a six-figure UPI fraud after losing signal on the office floor for 45 minutes and finding the SIM had been ported. The bank had no immediate reversal mechanism by the time the founder reached the branch (Deccan Herald coverage of Bengaluru cyber cases).

National pattern, 2024 to 2025. I4C briefings and Parliamentary responses noted that SIM-swap-linked bank fraud forms a measurable share of UPI and net banking fraud complaints filed at cybercrime.gov.in, with average individual losses higher than most other categories because the attacker has direct OTP access (Business Today coverage of NCRP data).

What these cases share: the victim noticed the signal loss but did not initially treat it as an attack, the bank account was drained within an hour of the swap, the recovery odds depended entirely on how fast the victim reported, and several cases involved insider collusion at the telco retail layer that the victim had no way to prevent.

Red flags that say a SIM swap is in progress

Any one of these is enough to act on. Do not wait for confirmation.

1. Sudden total loss of signal in a place you usually have full coverage

If your phone shows ‘no service’ or ‘SIM not provisioned’ or ‘emergency calls only’ for more than 30 minutes in a location where other phones (yours and others) usually work fine, treat it as a swap until proven otherwise. Restart the phone once. If signal does not come back, escalate.

2. SMS or email alert about a SIM swap or porting request you did not initiate

TRAI rules require telcos to send a confirmation SMS before any port-out goes through, and most telcos send a notification before a duplicate SIM is issued. If you receive such a message and did not request it, call your telco immediately on a different phone and refuse the request. The window to cancel is short.

3. Calls or messages about unusual bank transactions when you cannot get a signal

If your spouse, family member, or office colleague mentions that your bank has called them or that they received a bank alert from your account while you cannot use your phone, that is the swap-in-progress signature.

4. An unsolicited call from a ‘telco representative’ offering a SIM upgrade, 5G upgrade, or KYC re-verification

Real telcos do not cold-call subscribers asking for UPC codes, KYC re-verification over the phone, or SIM swap consent over a call. Any such call is the scam.

5. A message saying your number is being deactivated unless you respond immediately

Real telco disconnections do not happen via WhatsApp message or SMS demanding immediate action. The threat is engineered to make you call a number controlled by the scammer or visit a fake URL.

Prevention: what to lock down today

These are habits and settings to put in place now, before anything happens. They take 30 minutes total across all your accounts.

Telco-side controls

• Set a telco account PIN or password with your operator. Most telcos let you set a PIN required for any account-level change including SIM swap or port-out. Set this in person at a service centre and write down nothing where it can be photographed.
• Enable port-out lock or SIM swap lock where your telco offers it. Some telcos in India now let you mark your number as ‘do not port’ which requires an in-person, ID-verified visit to lift.
• Register an alternate contact and email with your telco so that any SIM change attempt notifies a second channel you control.
• Know your telco’s 24x7 customer service number and save it as a contact in another family member’s phone too.

Bank-side controls

• Enable transaction alerts via email in addition to SMS. If the SIM is swapped, SMS alerts go to the attacker but email alerts still reach you.
• Set transaction limits. Lower the per-day and per-transaction limit on UPI, net banking, and mobile banking to amounts you actually transact at. You can raise temporarily when needed.
• Register at least two beneficiary cooling-off bank accounts with shorter activation windows.
• Save bank fraud reporting numbers in your phone now. Every major bank in India has a 24x7 fraud hotline.

Identity hygiene

• Remove your full date of birth, home address, and full phone number from public LinkedIn, Facebook, and Instagram profiles. These are the inputs scammers use to social engineer your telco.
• Do not share photos of your Aadhaar, PAN, or driving licence on WhatsApp, even with vendors. Use masked Aadhaar (VID) where possible.
• Use email-based or app-based two factor authentication (Google Authenticator, Microsoft Authenticator, Authy) instead of SMS OTP wherever the service supports it. Bank, broker, email, and work accounts especially. This is the single highest-impact preventive measure because it makes the SMS OTP useless to a SIM swap attacker.

What to do the moment you suspect a swap

If your phone has gone silent and your gut says something is wrong, act in this order. Do not wait to be sure.

1. Borrow a phone immediately. A family member’s, a colleague’s, a stranger’s. Call your telco customer service number and confirm SIM status. Ask them to freeze the SIM, block port-out, and flag the account.
2. Call every bank where you hold an account. Request immediate freeze on UPI, debit and credit cards, mobile banking, and net banking. Most banks have a 24x7 fraud number on the back of every card. If you cannot reach, send an email to the bank’s fraud reporting address from a separate device.
3. Change your email password from a clean device (laptop or another phone). Email is often the recovery channel for bank and UPI accounts.
4. Call 1930. This is the national cybercrime helpline operated 24x7 by I4C under MHA (I4C). They will start a complaint and coordinate with banks for mule account freeze.
5. File a formal complaint at cybercrime.gov.in within 24 hours. Provide telco SIM status confirmation, bank statements, recipient account details, timestamps, and any SMS or email notifications you received about the swap.
6. Visit your telco retail store in person with ID to request a new SIM issued to you. Bring photo ID and any proof of original number ownership. Do not let the operator delay this; cite the active fraud.
7. Notify your workplace IT or security team if your work email or VPN is linked to that number.
8. Check email for password reset notifications you did not initiate, on every account: Google, Apple, Microsoft, banking, broker, exchange, social media. Reset every one of them from a clean device.
9. File a written complaint with your bank in addition to the phone call, to trigger RBI’s customer liability framework. Time-stamped written reporting is what protects your eligibility for compensation if the matter qualifies.

What RBI’s limited customer liability rule says

RBI’s 2017 circular on customer protection in unauthorised electronic banking transactions sets out three scenarios.

• If the fraud is due to the bank’s negligence, customer liability is zero regardless of when reported.
• If the fraud is due to third party breach (which most SIM swap fraud falls under) and reported within 3 working days, customer liability is zero. Reported within 4 to 7 working days, capped liability applies depending on account type. Beyond 7 working days, the customer may bear full loss.
• If the fraud is due to customer negligence (sharing OTP, PIN, password willingly), customer bears the loss until reported.

The framework rewards fast reporting heavily. The 1930 call, the cybercrime.gov.in complaint, and the written bank complaint together create the timestamped paper trail that supports your eligibility. (RBI customer protection circular 2017).

Got a suspected SIM swap or a telco upgrade call? Send it to us, we verify free

If you received a suspicious call claiming to be from your telco, an SMS about a port-out you did not request, or you have noticed unexplained signal loss and want a sanity check, send it to us privately.

WhatsApp / Call: +91 99644 43350

Send the message screenshot, the sender number, your telco name, and what you noticed. We tell you whether the pattern matches a known SIM swap script and what to do next, free.

What we do:

• Cross-check the calling number against known telco-impersonation patterns
• Walk you through the urgent action sequence in plain language
• Help you confirm SIM status with your telco
• Help you draft the cybercrime complaint

What we do not do:

• Charge you for the verification
• Ask for your bank details, OTPs, UPI PIN, or telco PIN
• Pretend to be a telco or a bank

Verification is free. You only pay if you want deeper engagement: investigation support, recovery coordination, or ongoing security guidance for your family. We also publish related guides on the malicious WhatsApp APK scam, WhatsApp GhostPairing, and SMS scam clusters.

Need help beyond verification?

If you need hands-on help with execution (beyond the free verification and knowledge sharing above), that can be scoped as a paid engagement. Each situation is different (money already moved, business UPI compromised, multiple family members targeted, ongoing protection needed for senior parents), so we don’t pre-package what’s in scope: we’ll talk through what you’re dealing with and tell you honestly whether we can help and what it would look like.

WhatsApp +91 99644 43350 or contact Cybersecify to discuss.

Save this number now

If you ever notice unexplained signal loss, receive a suspected SIM swap notification, or get a telco-impersonation call: WhatsApp +91 99644 43350. Save it now. During an active swap, every minute matters and you may not have time to search.

We also publish a Karnataka citizen safety guide, a digital arrest scam explainer, and a traffic challan SMS scam guide for the same broad Indian audience.

Frequently asked questions

What is a SIM swap scam in India?

A SIM swap is when a fraudster gets your mobile number activated on a SIM card they hold. Once that happens, your phone loses signal and every call, SMS, and OTP routed to your number goes to them. They then reset your bank, UPI, email, and social account passwords and drain whatever they can. The two main routes in India are MNP port-out fraud (using a fake porting request to a different telco) and duplicate SIM fraud (collusion or social engineering at a telecom retail point to issue a new SIM for your existing number).

What is the single biggest red flag of an active SIM swap?

Your phone suddenly shows no signal or ‘no service’ for an hour or more in a place you usually have full coverage, while other phones in the same room work fine. That is the moment to act. The window between the swap going live and money moving is often under 60 minutes. Switch to wifi, call your telco from a different phone to confirm the SIM status, call your bank to freeze UPI and net banking, and call 1930. Do not assume it is a network issue. Assume it is a swap until proven otherwise.

How do scammers get my details to do a SIM swap?

They piece together your name, date of birth, address, Aadhaar last 4 digits, and recent call patterns from public sources (LinkedIn, Facebook, leaked breach data), social engineering (a fake call from a supposed telco rep), or insider help at a telecom retail outlet. The Indian telecom sector has seen multiple cases where retail operators or distributors were arrested for issuing duplicate SIMs to fraudsters in exchange for a fee. The data layer has been weak for years.

Does TRAI’s 2024 MNP rule prevent SIM swap fraud?

It helps but does not eliminate the risk. TRAI’s July 2024 amendment introduced a 7-day waiting period after a SIM swap before that number can be ported out to another telco. This kills the simplest version of the attack, where a scammer swaps and immediately ports. But it does not stop duplicate-SIM fraud within the same telco, and it does not stop a scammer who is patient enough to wait 7 days. Telco-level controls (port-out lock, SIM PIN, account PIN) and your own monitoring of signal loss remain essential.

What do I do if my SIM has been swapped and money has already moved?

Speed is everything. Call 1930 first to start the cybercrime complaint. File at cybercrime.gov.in within 24 hours with bank statement, recipient account details, your telco SIM status confirmation, and timestamps. Visit your telco store in person with ID and request immediate SIM reissue to you. Call every bank where you hold accounts and request freeze on UPI, cards, net banking, and mobile banking. Change passwords on email and any account linked to that phone number. RBI’s limited customer liability framework can apply if you report within the prescribed window. Speed of reporting is the single largest factor in fund recovery.

Foundational reads. The anchors behind every guide on this site.

• The First Hour After Cyber Fraud in India. What to do in the first 60 minutes after you realise you have been scammed.
• Pause, Verify, Then Act. The universal three-rule defence against every scam type.
• Your Digital Footprint Is the Scam’s Raw Material. Why scammers already know your name, employer, and bank.