eSIM scams on the rise in India: How cybercriminals hijack numbers to steal money

India: Cybercriminals are increasingly exploiting eSIMs—digital SIMs stored on mobile phones—to hijack phone numbers and drain bank accounts within minutes. In a recent case, a victim lost ₹4 lakh after scammers took control of their number and intercepted OTPs. Authorities have warned that these scams are fast-moving and can cause substantial financial losses.

How the scam works

The eSIM scam typically begins with a convincing call or SMS claiming to be from the user’s mobile provider. Scammers then send a fake eSIM activation link via SMS or email.

Once clicked, the user’s physical SIM is deactivated, the phone loses signal, and the number is switched to the scammer’s device. Every call, message, and OTP now goes directly to them. With OTPs in hand, attackers can approve transactions, reset passwords, and transfer money without needing physical cards or login credentials.

Why eSIM scams are dangerous

eSIM technology offers convenience, but that same flexibility allows attackers rapid access to digital identities and finances. Even users who have disabled UPI or ATM services are at risk once their number is compromised. Unlike traditional SIM swaps, eSIM fraud can happen entirely online without in-person verification, making it faster and harder to prevent.

Quick protection tips

Ignore unknown links: Always manage your eSIM via your provider’s official app or website.

Never share OTPs or personal information: Banks and telcos will never request sensitive information over calls or SMS.

Monitor sudden signal loss: If calls or data drop unexpectedly, contact your provider immediately.

Freeze your number if needed: Alert your mobile operator and bank as soon as hijacking is suspected.

Physical SIM vs eSIM

While physical SIMs aren’t immune to fraud, eSIM scams can occur faster since they don’t require visiting a store or replacing a chip. Some users feel safer using physical SIMs because telcos usually require in-person verification for swaps. Ultimately, the weak link is social engineering rather than the SIM itself.

Authorities issue warnings

The Indian Cybercrime Coordination Centre (I4C) and other authorities have highlighted the speed and severity of eSIM scams. Victims can lose substantial sums in less than five minutes, making vigilance critical in India’s increasingly digital financial ecosystem.

Conclusion

As eSIM adoption grows, users must stay alert to social engineering tactics and safeguard personal information. Simple precautions—ignoring suspicious links, monitoring signals, and never sharing OTPs—can prevent cybercriminals from exploiting digital SIMs and protect finances in the fast-paced digital age.