Fraud / SIM Swap

SIM-Swap Fraud: Immediate Defence Steps

CA Nikhil Gupta·June 2026·3 min readFraud / SIM Swap

A SIM swap can intercept calls and SMS used for password resets and transaction authentication. The first visible sign may be a phone that suddenly loses network service.

Quick View

First move

Use another phone to contact the telecom operator.

Core proof

Telecom complaint and SIM-change records.

Main mistake

Assuming it is ordinary network downtime for several hours.

Official route

National Cyber Crime Reporting Portal

What the Issue Means

Confirm whether the outage affects only one device or the mobile number itself. Contact the telecom operator through another phone and ask whether a replacement SIM, eSIM activation or port request occurred.

Secure financial accounts before waiting for the number to return. Ask banks to restrict mobile and UPI access, reset email passwords, sign out active sessions and change recovery methods. A compromised email account can allow the attacker to re-enter after the SIM is restored.

Report fraudulent telecom activity through the operator and relevant government channels. If financial transactions occurred, use the bank fraud process, 1930 and the cybercrime portal.

Action Steps

  1. Use another phone to contact the telecom operator.
  2. Block unauthorised replacement or porting.
  3. Call banks and card issuers.
  4. Reset email and financial credentials.
  5. Review recent transactions and device sessions.
  6. File cybercrime and telecom complaints.

Decision Table

SituationMeaningResponse
Network lossPhone shows no service unexpectedly.Check operator status immediately.
Account alertPassword or UPI reset message appears.Do not click; secure the account directly.
SIM changeOperator confirms a replacement or eSIM.Request reversal and records.
Financial lossUnauthorised debit follows.Use bank and cybercrime routes at once.

Practical Example

A business owner loses mobile service while travelling. Minutes later, email password-reset alerts appear. Instead of troubleshooting the handset for hours, the owner calls the operator from a colleague’s phone, blocks the SIM change and asks banks to suspend digital channels.

Evidence to Keep

  • Telecom complaint and SIM-change records.
  • Network-loss time and device screenshots.
  • Email security and login history.
  • Bank and card transaction alerts.
  • Fraud complaint numbers.
  • Identity documents submitted to the operator.

Common Mistakes

  • Assuming it is ordinary network downtime for several hours.
  • Resetting only the bank password but not email.
  • Using a phone number found in a random search advertisement.
  • Discarding the old SIM or device before evidence is preserved.
  • Failing to review all accounts linked to the number.

Escalation Route

Ask the telecom operator for a written complaint number and the available details of the replacement or port request. Preserve the identity-verification trail for investigation.

Use Sanchar Saathi and the operator’s official channels where relevant. Financial recovery still requires separate bank and cybercrime complaints.

Working Principle

Treat unexpected network loss as an identity-security incident until the telecom operator confirms otherwise.

The safest approach is to preserve the original record, use the official channel and explain the facts in chronological order. A portal acknowledgement, complaint number or filing receipt is part of the evidence and should be downloaded rather than assumed to remain available forever.

Rules and procedures can change, and the correct action depends on the exact transaction, policy, notice or account. Where money, limitation, criminal allegations, medical causation or a large tax position is involved, qualified professional advice should be obtained before taking an irreversible step.

Why Timing Matters

Fraud response has two parallel objectives: stop additional loss and preserve the evidence needed to trace the first loss. The immediate step is Use another phone to contact the telecom operator. Record the exact time because bank liability, fund tracing, SIM or account containment and police follow-up can all depend on how quickly the incident was reported.

The evidence file should begin with Telecom complaint and SIM-change records. Add the transaction reference, beneficiary, phone number, link, app name, device state and every complaint acknowledgement. Keep original chats and files untouched; explanatory screenshots can be created as copies, but they should not replace the source material.

Do not continue following the fraudster’s instructions in the hope of recovering money. A frequent error is Assuming it is ordinary network downtime for several hours. Use only independently located official numbers and portals. A bank dispute, cybercrime complaint and securities or telecom grievance may all be necessary because each route addresses a different part of the incident.

Frequently Asked Questions

Can a SIM swap move money by itself? â–¼
It can enable interception and account recovery, but attackers may need other credentials or device access.
Should the phone be factory-reset? â–¼
Preserve evidence first and secure accounts; reset only after considering forensic needs.
What accounts should be checked? â–¼
Banking, UPI, email, cards, broker, wallet and any service using SMS recovery.
Does restoring the SIM end the risk? â–¼
No. Passwords, sessions and recovery settings may remain compromised.