In a shocking case of cyber fraud, a man reportedly lost ₹11 lakh after becoming the victim of an e-SIM upgrade scam.
Fraudsters tricked him into activating an e-SIM on his phone, gaining complete control over his mobile number — and, consequently, his one-time passwords (OTPs) and bank account access.

This incident highlights a growing threat in India’s digital ecosystem: the vulnerability of SIM-based security in online banking and digital payments.

📱 What Is an e-SIM and How Does It Work?

An e-SIM (embedded SIM) is a digital version of the traditional physical SIM card.
Instead of inserting a card into your phone, users can activate or switch mobile networks digitally through a QR code provided by their telecom operator.

While e-SIMs offer convenience and flexibility, they also open new doors for cybercriminals.
If someone convinces your mobile provider to issue an e-SIM linked to your number, they can instantly take control of your phone number remotely.

🧠 How the Fraud Happens

Here’s how the scam typically unfolds:

Phishing Message or Call –
The victim receives a fake message or call pretending to be from a telecom provider or a bank, urging them to “upgrade” their SIM to an e-SIM or verify details.

Fake Verification Process –
The scammer asks for personal details such as date of birth, email ID, or bank-linked phone number — and may even send a malicious link or QR code.

e-SIM Activation by the Hacker –
Using the collected details, the fraudster requests the telecom operator to activate an e-SIM in their own device. Once approved, the original SIM stops working.

Complete Access to OTPs –
Once the new e-SIM is active, all SMS-based OTPs, bank alerts, and authentication messages are delivered to the fraudster’s phone — allowing them to log in and drain bank accounts.

In just a few minutes, victims can lose lakhs of rupees without realizing it.

🔍 Why OTPs and SIM Security Are No Longer Safe

Experts say that relying solely on SMS-based OTPs for banking transactions is becoming increasingly risky.
Here’s why:

e-SIM and SIM swap frauds can reroute OTPs to hackers’ devices.

Malware apps can read OTPs directly from notifications.

Phishing emails and fake websites can trick users into revealing OTPs.

AI voice cloning is being used to impersonate bank officials and extract information.

In essence, the phone number — once a trusted layer of digital identity — is no longer secure.

🧩 Real-World Impact

According to cybercrime reports, SIM swap and e-SIM frauds have increased sharply in India since 2023.
Many victims, including senior citizens and working professionals, have lost between ₹50,000 to ₹20 lakh within hours.

Authorities warn that fraudsters are using advanced techniques such as social engineering, spoofing, and data leaks to target vulnerable users.

🛡️ How to Stay Safe from e-SIM and OTP Fraud

Never share OTPs, QR codes, or personal details with anyone claiming to be from a bank or telecom operator.

Do not click on links in unsolicited messages or emails about “SIM upgrades” or “e-KYC verification.”

Immediately contact your telecom provider if your phone loses signal suddenly without reason — it could mean your SIM was cloned or swapped.

Enable app-based authentication (like Google Authenticator) instead of SMS-based OTPs for sensitive accounts.

Register for transaction alerts via email in addition to SMS.

Regularly check your bank statements for unauthorized transactions.

🧾 Government and Bank Guidelines

The Reserve Bank of India (RBI) and CERT-In have repeatedly advised banks to move toward multi-factor authentication that doesn’t depend solely on SIMs or OTPs.
Telecom operators are also tightening verification steps for e-SIM activation to reduce fraud.