Quick Heal Technologies has raised alarm over a concerning rise in eSIM-based phone number hijacking across India, warning that cybercriminals are using social engineering and embedded SIM (eSIM) technology to bypass traditional telecom safeguards and drain bank accounts in minutes.
The company’s threat research arm, Seqrite Labs, has identified a surge in cases where victims lose service abruptly — only to discover later that their number was silently ported to a criminal’s device, enabling full control over one-time passwords (OTPs), texts, and calls.
How the Scam Works: Bogus Upgrade, Real Theft
Scammers pose as telecom or bank representatives and convince users to “upgrade” to eSIM by clicking a fraudulent activation link. Once the link is clicked:
The victim’s physical SIM is deactivated.
Their number is transferred to the attacker’s eSIM-enabled device.
All texts and OTPs — including those from banks — are routed to the hacker.
In one incident reported from Noida, a woman lost ₹27 lakh after unknowingly falling for such a scam. Similar cases have emerged in Mumbai and Delhi, with victims typically losing access to their phones just before funds are siphoned out.
Why eSIM Fraud Is Growing Fast
eSIM-based fraud is a next-gen version of SIM-swap scams, which previously required attackers to visit a physical store. With eSIM, the entire process is digital and remote, making it easier to automate at scale.
Global data shows this trend isn’t isolated:
The FBI investigated over 1,000 SIM-swap cases last year, reporting nearly $50 million in losses.
The UK saw a 1,000% surge in SIM-swap complaints.
Australia reported a 240% increase via its IDCARE support service.
In India, the scams are evolving fast — aided by rising eSIM adoption and insufficient user awareness.
How to Protect Yourself
Quick Heal recommends extreme caution when receiving messages or calls about eSIM upgrades. Here are its top safety tips:
Never click on unsolicited eSIM activation links or QR codes.
Always initiate eSIM upgrades through official telecom apps or physical stores.
If you suddenly lose network signal, immediately:
Contact your mobile provider from another phone.
Alert your bank and freeze all transactions.
Reset passwords for critical services.
Financial institutions are also urged to move beyond SMS-based OTPs and adopt adaptive multi-factor authentication.
AI-Powered Tools for Protection
To combat the growing threat, Quick Heal has updated its AntiFraud.AI system (now available in a freemium model) to detect and block SMS phishing attempts and eSIM-related scam URLs. It also added heuristic threat detection to its mobile-security app to flag suspicious telecom messages.
The Quick Heal Knowledge Centre offers case studies, red-flag templates, and recovery steps for affected users. The company is working closely with telecom providers, regulators, and law enforcement to shut down fraudulent domains and trace malicious actors.
