Cybercriminals in India are now targeting eSIM users to carry out remote transactions without victims even realising it. In one recent case, a user lost Rs 4 lakh after fraudsters hijacked their mobile number and intercepted one-time passwords (OTPs). According to the Indian Cyber Crime Coordination Centre (I4C), scammers are increasingly manipulating users of all age groups through fake eSIM activation calls and phishing messages.
Here’s how the eSIM scam works and how to stay safe.
The scam usually begins with a convincing call or SMS that appears to be from your telecom provider. Scammers then share a fraudulent eSIM activation link via SMS or email. Once the victim clicks on it, their physical SIM card is deactivated, the phone loses network signal, and the mobile number gets transferred to the attacker’s device.
From that point on, every call, SMS, and OTP goes directly to the fraudsters. With OTP access, they can reset passwords, approve UPI payments, and transfer funds, without an ATM card or net banking login required.
Not entirely. SIM swap scams have existed for years. With physical SIMs, however, attackers usually need to visit a store or trick telecom staff, which slows down the process. eSIM fraud, on the other hand, can be executed remotely in just a few minutes, giving users little time to respond. Scammers trick users into clicking on malicious links or sharing sensitive details.
Also read: e-Aadhaar app may launch soon, will simplify Aadhaar updates with just one click, here’s how
Authorities, including the I4C, are urging users to stay vigilant. If you receive any SMS or email about SIM upgrades or eSIM activation, do not click on the link. Instead, verify directly with your telecom operator.