How a Sophisticated SIM‑Swap Scam Cost One Man ₹5 Lakh

When Rahul Sharma (name changed) opened his bank app last week, he expected the usual flurry of notifications – a new transaction here, a balance update there. Instead, a single, chilling message appeared: his account had been emptied of nearly ₹5 lakh.

It didn’t happen in a flash. Over the past few days, Rahul says, he’d been bombarded with what seemed like ordinary text messages and emails – everything from promotional offers to a request to “verify” his new mobile number. He clicked a link, entered a few details, and then, just as he thought he’d helped a legit‑looking company, the scammers turned the tables.

According to Rahul, the crooks first persuaded his mobile carrier to deactivate his original SIM card. Within minutes, they activated a fresh one, essentially stealing his phone number. With that in hand, they could intercept every one‑time password (OTP) the bank sent for transaction authorisation.

“I had no clue what was happening,” Rahul admits, his voice shaking as he recalls the moment the fraudsters asked him to confirm a transfer of ₹5 lakh to an unfamiliar account. “I thought it was a routine verification, like when you move to a new SIM. I never imagined the number was already under someone else’s control.”

What makes this case especially alarming is the level of sophistication. The scammers didn’t just rely on a simple phishing link; they orchestrated a full‑blown SIM‑swap – a technique that requires the fraudster to convince the telecom provider, often by using personal data harvested from previous breaches. Once the new SIM is live, every OTP that would normally protect a transaction is silently rerouted to the criminal’s phone.

Financial institutions in India have warned about a surge in such attacks. The Reserve Bank of India (RBI) recently issued guidelines urging banks to adopt multi‑factor authentication beyond just SMS‑based OTPs. Yet, many users, including Rahul, still depend on the familiar, albeit vulnerable, text‑message system.

Rahul’s experience is a cautionary tale that highlights three key takeaways:

• Guard your mobile number like a password. Treat it as sensitive information – never share it casually and monitor any unexpected changes with your carrier.
• Enable stronger authentication. Wherever possible, switch to app‑based authenticators, biometric verification, or hardware tokens that aren’t tied to your phone number.
• Stay skeptical of unsolicited requests. If a message asks you to verify or move money, pause, verify the request through an official channel, and never click direct links.

As for Rahul, the bank has opened an investigation and promised to reimburse the lost amount, pending the outcome of a forensic analysis. He hopes his story will serve as a wake‑up call.

“I wish I’d known that scammers could hijack my SIM,” he says. “Now I’m more careful, and I’m urging everyone else to double‑check before they hit ‘send.’”