The Indian Cybercrime Coordination Centre (I4C), a specialized unit under the Ministry of Home Affairs, has sounded an alarm over a new form of digital fraud involving fake eSIM activation. The scam, authorities warn, is capable of draining money from victims’ bank accounts without the need for traditional security checks such as OTPs or ATM PINs, making it among the more dangerous cybercrimes now in circulation.
The Anatomy of the eSIM Scam
I4C officials explained that fraudsters initiate the scheme by calling potential victims and persuading them to click on a fraudulent eSIM activation link. Once a user follows the instructions, the victim’s physical SIM card becomes inactive, and the scammer successfully transfers the number onto an eSIM-enabled device under their control.
Final Call: Be DPDP Act Ready with FCRF’s Certified Data Protection Officer Program
The shift effectively hands over control of the mobile number, enabling criminals to intercept OTPs sent by banks. With this access, they can conduct unauthorized transactions directly from the victim’s accounts. In one reported case, nearly ₹4 lakh was siphoned from an unsuspecting individual.
The scheme exploits the growing adoption of eSIM technology, which eliminates the need for physical cards and allows remote provisioning. While the technology has been marketed as a convenience, it has opened an unexpected front for cybercriminal exploitation.
Escalating Concerns and Official Responses
The warning arrives just weeks after the Department of Telecommunications’ Financial Fraud Risk Indicator (FRI) blacklisted between 300,000 and 400,000 SIM cards suspected of being used in financial scams. The FRI system, aided by AI-enabled tools, flags approximately 2,000 high-risk numbers each day, many linked to fraudulent schemes such as investment fraud and fake job offers.
The government has emphasized that users should exercise caution by avoiding unsolicited calls or links related to eSIM activation. Officials further advise that if a mobile phone suddenly loses network connectivity, customers should immediately notify both their telecom provider and their bank to prevent financial compromise.
Launched in January 2020, the I4C portal was designed to centralize the reporting and tracking of cybercrimes. With digital transactions expanding rapidly and smartphones becoming central to daily life, cyber fraud cases have surged, prompting authorities to issue alerts that now extend to new technologies such as eSIMs.