In a digitally connected world, your phone number is the key to your identity—and cybercriminals are now using eSIM technology to steal it in minutes. Learn how to protect yourself.
In January 2025, a professional from Mumbai received a seemingly legitimate call from her mobile provider offering a free upgrade to eSIM technology. Within minutes of clicking the activation link sent via SMS, her phone lost all signal. Within hours, ₹4 lakh was siphoned from her bank account .
This wasn’t an isolated incident. The Indian Cybercrime Coordination Centre (I4C) has reported thousands of similar cases across the country, with losses totaling millions of rupees . As India embraces digital connectivity, eSIM technology—designed for convenience—has become the latest weapon in the fraudster’s arsenal.
The Rise of eSIM Technology in India
eSIMs (embedded SIMs) represent the future of mobile connectivity. Unlike physical SIM cards, these digital SIMs are built directly into your device, allowing you to switch carriers or plans without visiting a store. For travelers and digital natives, they offer unparalleled flexibility.
However, this convenience comes with new risks. Cybercriminals have adapted their methods to exploit security gaps in eSIM provisioning, targeting users through sophisticated social engineering techniques that bypass traditional security measures .
How the eSIM Scam Unfolds: A Step-by-Step Breakdown
1. The Initial Contact
Scammers typically initiate contact through impersonation tactics. Posing as representatives from major telecom providers (Jio, Airtel, Vi), they reach out via phone calls, SMS, or even social media messages. Their approach often involves:
Offering a “free upgrade” to eSIM technology
Claiming your current SIM requires “KYC verification”
Warning of immediate SIM deactivation unless action is taken
2. The Fake Activation Process
Victims receive a fraudulent activation link via SMS or email. This link appears legitimate, often mimicking the design and language of official telecom communications. Once clicked, it may:
Redirect to a fake verification page requesting personal information
Trigger an automatic eSIM provisioning process
Install malware on the device that facilitates remote access
3. The SIM Hijacking
Once the victim engages with the scam process, their physical SIM is deactivated and the phone number is transferred to an eSIM on the scammer’s device. This can occur without needing to physically access anything or use usual verification steps.
4. The Financial Drain
With control of the phone number, scammers can:
Intercept OTPs used for banking transactions
Reset passwords on financial accounts
Authorize transactions without needing card details
Access digital wallets and payment apps
Table: How eSIM Scams Compare to Traditional SIM Swap Frauds
| Aspect | Traditional SIM Swap | eSIM Scam |
|---|---|---|
| Physical Access Needed | Sometimes required | Never required |
| Time to Execute | Hours to days | Minutes |
| Verification Needed | Often in-person | Remote social engineering |
| Detection Difficulty | Moderate | High |
| Financial Impact | Variable | Often substantial |
Why eSIM Scams Are Particularly Dangerous
1. Speed of Execution
Unlike traditional SIM swap scams that might require visiting a store or bypassing physical verification, eSIM fraud can be completed within minutes . This gives victims little time to detect and respond to the threat.
2. Bypassing Security Measures
These scams effectively circumvent SMS-based 2FA (two-factor authentication), which remains the primary security method for most Indian banking and financial applications .
3. Difficulty in Detection
Since the scam doesn’t always involve malware or compromised devices, traditional security apps may not detect the threat . Social engineering tricks people by taking advantage of trust instead of finding weaknesses in technology.
Real-World Impact: Victims’ Experiences
The damage from these scams goes beyond money.
Victims say:
Significant emotional distress and feeling violated
Lengthy recovery processes with banks and telecom providers
Loss of trust in digital systems and mobile services
Professional repercussions when business accounts are compromised
One victim shared: “I considered myself tech-savvy, but the caller knew exactly what to say to make me click that link. Losing my life’s savings was devastating, but the feeling of vulnerability lasted much longer” .
How to Protect Yourself: 8 Essential Safety Measures
1. Enable SIM PIN Protection
Both iOS and Android devices allow you to set a PIN for SIM changes:
On iPhone: Go to Settings > Cellular > SIM PIN
On Android, go to Settings, then select Security, and choose SIM card lock.
This prevents unauthorized SIM swaps, including eSIM transfers .
2. Verify Before Clicking
Never click unsolicited links claiming to be from your telecom provider. Instead:
Contact your provider directly using official numbers
Visit a physical store for eSIM conversions
Use official apps for mobile account management
3. Strengthen Telecom Account Security
Add extra verification with your mobile provider
Set up a strong password for your telecom account
Enable additional authentication steps for account changes
4. Use Alternative 2FA Methods
Avoid SMS-based two-factor authentication when possible. Instead, use:
Authenticator apps (Google Authenticator, Microsoft Authenticator)
Hardware security keys
Biometric verification where available
5. Monitor Network Activity
Immediately act if your phone suddenly loses signal despite adequate coverage. Contact your:
Telecom provider to freeze your number
Bank to block financial transactions
6. Practice Digital Hygiene
Avoid sharing personal details on social media
Use VPNs on public networks
Keep your device software updated
7. Educate Vulnerable Family Members
Older adults may be particularly susceptible to these scams. Take time to:
Explain the risks of unsolicited calls
Establish verification protocols for telecom matters
Ensure they know how to contact you if suspicious calls occur
8. Implement Rapid Response Planning
Prepare a quick-action plan in case of suspected hijacking:
Keep offline copies of important contacts (bank, telecom provider)
Know how to quickly freeze bank accounts and credit cards
Understand your telecom provider’s fraud reporting process
Table: Emergency Contacts for Major Indian Telecom Providers
| Provider | Customer Care | Fraud Reporting |
|---|---|---|
| Jio | 198 | 1991 |
| Airtel | 121 | 198 |
| Vi | 199 | 198 |
| BSNL | 1503 | 198 |
What to Do If You’ve Been Victimized
If you suspect your eSIM has been compromised:
Immediately contact your telecom provider to freeze your number
Notify your bank to block transactions and monitor for fraud
File a report with the cybercrime division (www.cybercrime.gov.in)
Change passwords for critical accounts (email, banking, social media)
Monitor financial statements for unauthorized transactions
The Future of eSIM Security in India
Telecom regulators and providers are implementing stronger verification protocols for eSIM transfers. The Department of Telecommunications has already blacklisted 300,000-400,000 SIMs suspected of fraudulent activity .
Technological solutions being developed include:
Biometric verification for eSIM provisioning
AI-driven fraud detection systems at telecom providers
Enhanced customer alerts for SIM change requests
Blockchain-based authentication for mobile identities
FAQ: Addressing Common Concerns About eSIM Safety
🤔 Are eSIMs inherently less secure than physical SIMs?
No, eSIM technology itself isn’t less secure—in some ways, it’s more secure since it can’t be physically stolen. The vulnerability arises from social engineering attacks that trick providers into transferring numbers, not from the technology itself .
📱 Should I avoid switching to eSIM technology?
No, eSIMs offer legitimate benefits including convenience for travelers and multi-SIM capabilities. The key is to activate them through proper channels—visit your provider’s store or use their official app rather than responding to unsolicited offers .
⏰ How quickly can scammers drain accounts after hijacking?
Alarmingly fast. Cases have been reported where substantial amounts were stolen within 5 minutes of the number being hijacked. This speed underscores the need for immediate action when you suspect a compromise .
🏦 Who is liable if I lose money to an eSIM scam?
Liability depends on the circumstances. If you voluntarily shared information or clicked links, you may have limited recourse. However, if the telecom provider failed in their verification process, they may share responsibility. Document everything and report to authorities immediately .
🔒 Does a SIM PIN prevent eSIM swapping?
Yes, enabling SIM PIN adds a critical layer of protection. Even if scammers have your personal information, they would need this PIN to perform a SIM swap, including eSIM transfers .
🌐 I’m traveling soon. Should I be concerned about eSIM scams?
Travelers are common targets since they often seek connectivity solutions. Only purchase eSIMs from reputable providers—either directly from mobile carriers or established global eSIM services. Avoid too-good-to-be-true deals from unknown sources .
Conclusion: Vigilance in the Digital Age
eSIM technology represents a significant advancement in mobile connectivity, but like all technological progress, it can be exploited by malicious actors. The key to safety lies in awareness and healthy skepticism toward unsolicited communications.
By understanding how these scams work and implementing the protective measures outlined above, you can confidently embrace digital innovation without falling victim to those who would exploit it. Share this knowledge with friends and family—collective vigilance is our strongest defense against evolving cyber threats.
Remember: Your telecom provider will never initiate contact to request immediate eSIM activation or sensitive personal information. When in doubt, disconnect the call and contact them directly through official channels.
This article was based on advisory notices from the Indian Cybercrime Coordination Centre (I4C) and cybersecurity experts. For more information on reporting cybercrime, visit https://cybercrime.gov.in.