eSIM Fraud in India: How Scammers Hijack Your Number and Empty Your Bank
eSIM Fraud
Most of us grew up knowing one kind of SIM card β the small plastic chip you pop into your phone to get a mobile connection. An eSIM (embedded SIM) is a newer version of that. Instead of a regular SIM you insert in your smartphone, an eSIM is a tiny chip already built inside your phone. You can never remove it or see it. It works the same as a regular SIM, but it is activated digitally β without visiting any store.
Your telecom operator- Jio, Airtel, Vi, or BSNL sends a QR code or a link through which you activate the eSIM. Scan or click and verify a few details, and your number gets transferred to the eSIM. This procedure gets done in less than 10 minutes from anywhere on any device. That convenience is exactly what makes this technology a target for fraudsters.
iPhones from the XS model onwards, Samsung Galaxy S-series phones, Google Pixel phones, and many modern Android flagships support eSIM. If you own any of these devices, your number can be moved to an eSIM without anyone physically touching your phone β which is precisely the threat you need to understand.
A Sign of How Serious This Already Is:Indiaβs Department of Telecommunications (DoT) ordered Apple and Google in 2024 to remove several unauthorised eSIM provider apps from their Indian app stores. The government would not have moved this quickly if eSIM fraud were not already a serious, widespread problem across the country.
How eSIM Fraud Works: Step by Step
To understand why eSIM fraud is so dangerous, it helps to compare it to the older SIM swap scam that many Indians have heard of. In a SIM swap, fraudsters had to physically go to a telecom store, pretend to be you, and get a duplicate SIM issued in your name. That process took hours or even days β and left a trail.
eSIM fraud is different. It happens entirely online. There is no store visit, paper trail, or insider needed. From the moment a scammer calls you to the moment your bank account is empty, the entire attack takes 30 minutes. Here is how it unfolds, step by step.
1. The First Call β Sounding Official
Your phone rings, an instant WhatsApp message, then an SMS from someone who sounds extremely professional. βIt is Jio customer care,β it says, βAirtel customer support,β it insists, βItβs TRAI,β it announces, or perhaps a Government department such as the DoT. The message always has a tone of extreme urgency β your SIM card is going to be deactivated very soon, your KYC information is not valid anymore, or perhaps youβve won yourself a free eSIM upgrade. This message is calm, convincing and sounds utterly authoritative. Very few people hang up!
2. The Fake eSIM Activation Link Arrives
Almost immediately, a link lands in your SMS inbox or email. It looks real β the design copies the official Jio or Airtel website. The website URL is likely to be something like βjio-esim-kyc.inβ or βairtel-esim-upgrade. coβ-close enough that the occasional glance wouldnβt notice. The scammer will remain on the phone the entire time to guide you through your actions, simulating a routine process.
3. You Enter Your Details β or Dial a Code
The page asks for your mobile number, date of birth, Aadhaar number, or an OTP for βverification.β In some variations of this eSIM scam, the caller asks you to dial a code directly on your phoneβs dial pad β something like *62*[number]# β telling you it will βconfirm the upgrade.β What that code actually does is silently redirect all your incoming calls and SMS messages to the fraudsterβs number.
4. Your Phone Loses All Signal
The moment the fraudster completes an unauthorised eSIM activation using your number and details, your physical SIM card is deactivated automatically. Your phone screen shows βNo Serviceβ or βNo Signal.β At this point, most victims assume there is a network outage or a temporary technical problem. They put their phone aside. That pause β those few minutes of inaction β is exactly what the scammer is counting on.
5. Your OTPs Go Straight to the Fraudster
Your mobile number is now active on a device that the scammer controls. Every OTP that your bank sends β for net banking login, for UPI approvals, for resetting your password β lands on their phone, not yours. They can now log in to your bank account, approve transfers, reset your email password, and lock you out of everything β all at the same time.
6. Your Accounts Are Emptied Before You Realise
By the time you try calling someone on a borrowed phone to figure out why your SIM stopped working, the fraudster has often already transferred money, broken a fixed deposit, or even taken an instant loan in your name. Cases have been reported where the complete financial damage β from savings account, fixed deposits, and a personal loan β happened within 45 minutes of that first phone call.
π Real Cases β India 2025
1. Noida Woman Loses βΉ27 Lakh in a Single Night
A 44-year-old resident in Noida received a call through WhatsApp from an unknown number as a telecom customer care executive. The executive informs that for the womanβs mobile number to be activated, she would require a new e-SIM to be installed on her handset. He walked her through entering a code on her phoneβs dial pad β something that seemed harmless at the time. Her SIM went silent minutes later. That night, scammers used OTPs sent to the hijacked number to break her fixed deposit, clean out her savings account, and take a βΉ7.40 lakh personal loan in her name. She discovered the loss only the next morning.
2. Mumbai Professional Loses βΉ4 Lakh in Under 2 Hours
A professional working in Mumbai got a call early in the morning in February 2025, which she thought was a typical call from her mobile provider offering a free upgrade to a virtual eSIM. The person on the other end was courteous, polite and patient. The woman had no signal two minutes after clicking the activation link that appeared on her phone. She assumed it was a network glitch. Two hours later, when she finally borrowed a colleagueβs phone to check, βΉ4 lakh had already been transferred out of her account β before her bankβs customer care line even picked up her call.
eSIM Fraud vs. Old SIM Swap Scam: What Has Changed?
Many people in India are already aware of SIM swap fraud β it has been in the news for years. But eSIM fraud is a different beast. It is faster, harder to trace, and far more difficult to stop once it has started. Understanding the difference helps you see why the old advice of βwatch out for SIM swapβ is simply not enough anymore.
| Factor | Old SIM Swap Scam | eSIM Fraud (New) |
|---|---|---|
| Store Visit Required? | Yes β fraudster visits telecom store in person. | No β executed 100% online, from anywhere. |
| Time to Execute | Hours to days due to paperwork and waiting. | Under 10β30 minutes from first contact. |
| Physical Access Needed? | Sometimes β may require insider help. | Never β no physical access required at all. |
| Can You Detect It Early? | Yes β slower process gives some warning time. | Very difficult β signal loss is usually the only early sign. |
| How Scammers Operate | Fake identity at the store or bribing telecom staff. | Social engineering, fake links, and dial codes. |
| Overall Risk Level | High | Extremely high β and rising fast. |
The most dangerous shift is speed. SIM swap fraud gave victims a window β sometimes hours β to notice something was wrong. eSIM fraud closes that window in minutes. By the time you realise your phone has no signal, the financial damage may already be done. That is why awareness β before it happens to you β is your most important protection.
Warning Signs That You Are Being Targeted
eSIM fraud rarely happens without at least one warning sign appearing first. The problem is that these signs are easy to miss β or easy to dismiss as normal technical issues. Knowing what to watch for can give you the few precious seconds you need to hang up, step back, and avoid the trap entirely.
π΅Your phone suddenly shows βNo Signalβ or βNo Serviceβ with no network outage in your area
π±You receive an eSIM activation QR code or confirmation message that you never asked for
πA caller from βcustomer careβ asks you to enter a code on your phoneβs dial pad
πYou receive an SMS with an βeSIM upgradeβ link, a KYC verification URL, or a SIM renewal prompt
π«Bank OTPs and app login codes stop arriving on your phone without any reason
π°You see unknown debits, UPI transactions, or loan approvals in your bank account history
Trust this instinct: if a caller is creating urgency around your SIM, your KYC, or your eSIM β and pushing you to act right now β that pressure itself is the warning sign. No genuine telecom company or government department will threaten to disconnect your number within the next 10 minutes. Take a breath, hang up, and call your operator directly using the number on their official website.
How to Protect Yourself from eSIM Fraud
The good news is that eSIM fraud is completely preventable. Every single case that has been reported in India had one thing in common β the victim was convinced to either click a link, share an OTP, or dial a code. Here are some steps :
1. Never click an eSIM activation link you did not ask for.
If you receive an activation link or QR code via SMS, email, or WhatsApp and you did not initiate a SIM change yourself, do not open it. Call your operator directly to verify β using the number on their official website, not the one the caller gives you.
2. Never share an OTP with anyone, ever.
Not with Jio. Not with Airtel. Not with your bank. Not with the government. No legitimate company will ever ask for your OTP over a phone call. That rule has no exceptions.
3. Never dial unknown codes on your dial pad.
Codes like*62*[number]#or**21*[number]#are call and SMS forwarding commands. If a stranger β even a convincing βcustomer care agentβ β asks you to dial something, refuse and hang up immediately.
4. Request a SIM lock from your telecom provider.
Contact Jio, Airtel, or Vi and ask them to restrict your account so that no SIM-related changes β including eSIM activation β can happen without an additional verification step initiated by you in person.
5. Switch to an authenticator app for two-factor authentication.
Apps like Google Authenticator or Microsoft Authenticator generate login codes offline, inside your phone. These codes cannot be intercepted through SIM hijacking, unlike SMS OTPs. Use them wherever your apps allow it β especially for email and banking.
6. Check your SIM registrations on Sanchar Saathi.
Visitsancharsaathi.gov.in, enter your Aadhaar-linked mobile number, and see how many SIM cards are registered in your name. If you find any connections you do not recognise, you can block them right there through the TAFCOP service β in under 5 minutes.
7. Keep a separate UPI transaction PIN.
Your UPI PIN on GPay, PhonePe, or Paytm should be different from your ATM PIN and net banking password. If one is compromised, the others stay protected.
8. Talk to your parents and elderly relatives about this scam today.
Fraudsters deliberately target older users who are less familiar with eSIM technology. A five-minute conversation with your family could prevent a loss of lakhs.
What to Do If You Are Targeted or Become a Victim
Do not assume it is a tower issue. Act as if your number has been hijacked, because if you have recently received a suspicious call or clicked a link, it very likely has been. Every minute matters. Here is exactly what to do, in this order.
1. Call your bank immediately β from any other phone.
Borrow a family memberβs device, use a colleagueβs phone, or find a landline. Tell your bank to block all outgoing transactions, freeze your UPI access, and suspend your net banking. Do not wait until you βconfirmβ what happened. Act first, investigate later.
2. Call your telecom operator right away.
Jio: 198. Airtel: 198. Vi: 199. Tell them you suspect an unauthorised eSIM activation on your number and ask them to deactivate it immediately and block further changes. Request an emergency SIM replacement so you can regain control of your number as quickly as possible.
3. Dial 1930 β the National Cybercrime Helpline.
You can also go to cybercrime.gov.in to file an online complaint. Speed is everything here. Reports filed within the first few hours of a fraud have a significantly higher rate of fund recovery, because banks and police can freeze the fraudsterβs receiving account before the money moves further.
4. File an FIR at your nearest cybercrime police station.
Bring every piece of evidence you have β screenshots of the suspicious SMS, call logs, WhatsApp messages, and bank transaction records. An FIR is required for a formal police investigation and is also necessary if you are making an insurance claim for financial losses.
5. Once your SIM is restored, change every password.
Start with your email β because your email is the master key to everything else. Then change your banking app passwords, social media account passwords, and UPI PINs. Enable two-factor authentication using an authenticator app, not SMS, going forward. Check your bank statements for any loans or credit lines that may have been opened in your name.
π Important Helpline Numbers for India
1930
National Cybercrime Helpline
Online Complaint Portal (I4C)
What Is the Indian Government Doing About eSIM Fraud?
Finally, the Indian Govt is taking some steps against the eSIM fraud activities, and the steps taken demonstrate how seriously it views this menace at the national level.
Finally, the Indian Govt is taking some steps against the eSIM fraud activities
In 2025, the Indian Cybercrime Coordination Centre (I4C), which operates under the Ministry of Home Affairs, published several detailed public advisories about eSIM fraud.
The Department of Telecommunications (DoT) stepped in by instructing both Apple and Google to delist unauthorised eSIM provider apps from their Indian app stores. At the same time, regulators directed telecom companies to implement stricter verification for any eSIM activation request β including additional identity checks that go beyond a simple OTP. Hundreds of thousands of SIM cards linked to financial fraud networks were also blacklisted as part of an ongoing mobile security crackdown.
Perhaps the most practical tool the government has given ordinary citizens is the Sanchar Saathi portal at sancharsaathi.gov.in. Through this portal β specifically the TAFCOP (Telecom Analytics for Fraud Management and Consumer Protection) service β any Indian resident can instantly check how many mobile connections are registered against their Aadhaar or ID. If there are connections you do not recognise, you can flag and disconnect them yourself, directly from the portal.
Frequently Asked Questions
Q1. Can eSIM fraud happen to me even if I donβt have an eSIM-compatible phone?
Yes, it can β and this surprises many people. Fraudsters do not need you to own an eSIM-supported phone. They transfer your existing number to an eSIM on their own device. All they need is your mobile number and some basic personal details β which they collect through fake calls or phishing pages β to initiate the eSIM activation request with your operatorβs online system. The attack happens on their end, not yours.
Q2. What are the early signs that eSIM fraud is happening to me?
The clearest early sign is your phone suddenly losing all network signal β no calls, no SMS, no mobile data β especially after a suspicious call or a link you may have clicked. Before that happens, the signs include an urgent call from a supposed βcustomer careβ agent, an unexpected eSIM activation message or QR code, or a caller asking you to dial a code. If any of these happen, treat it as an active threat and act immediately β do not wait to confirm.
Q 3. Is eSIM technology itself dangerous? Should I avoid switching to eSIM?
eSIM technology is completely safe when used correctly. There is no flaw or weakness in the technology itself. The fraud works entirely through social engineering β scammers manipulating people into handing over access voluntarily. If you never click unsolicited activation links and never share OTPs with unknown callers, your eSIM is as secure as any regular SIM. Millions of people worldwide use eSIM without any issues.
