Quick Heal Technologies Limited, a global provider of cybersecurity solutions, has uncovered concerning trends in the cybersecurity landscape after a spate of eSIM-based phone-number hijacks resulted in multi-lakh losses across India. The company’s team of researchers at Seqrite Labs, India’s largest malware analysis facility, warn that cybercriminals are exploiting the convenience of embedded SIM technology to redirect victims’ calls and texts, especially one-time passwords, onto attacker-controlled devices, enabling rapid theft from bank and payment accounts.
According to recent advisories from the Indian Cybercrime Coordination Centre (I4C), scammers posing as telecom or bank representatives persuade victims to “upgrade” to an eSIM by sending a fraudulent activation link. The moment the link is clicked, the victim’s physical SIM is deactivated, service drops to zero bars and every incoming message, including critical OTPs, is routed to the criminal. In one Noida case, a 44-year-old woman reportedly lost ₹27 lakh after her phone number was silently transferred to an attacker’s eSIM. Similar incidents in Mumbai and other metros mirror the same pattern of a convincing call, a bogus link and instant account drainage.
Researchers at Seqrite Labs note that eSIM fraud is a fast-growing subset of SIM-swap crime worldwide. The FBI investigated more than 1,000 SIM-swap cases in the United States last year, tallying nearly $50 million in losses, while UK fraud-monitoring service Cifas recorded a 1,000 percent jump in SIM-swap reports, and Australia’s IDCARE saw a 240 percent surge. Because eSIM activation can be completed remotely, attackers no longer need physical access to a carrier store, making the technique easier to scale.
Recognising the urgent need for public awareness, Quick Heal Technologies Limited advises mobile users to treat any unexpected eSIM activation link, QR code or caller ID with extreme scepticism. Consumers should request eSIM conversions only through official carrier apps, websites or in-store visits. If a handset suddenly loses network service without explanation, the user should immediately call the carrier from another phone, contact their bank to freeze transactions and change passwords for critical accounts. Financial institutions are urged to adopt adaptive multi-factor authentication methods that do not rely solely on SMS-based OTPs.
Quick Heal AntiFraud.AI, India’s first AI-powered fraud prevention solution that recently adopted a freemium model, already detects and blocks phishing SMS messages that mimic carrier communications. Quick Heal Technologies Limited has also updated its mobile-security solutions with heuristic rules to flag suspicious eSIM-related URLs. Consumers looking for detailed guidance can visit the Quick Heal Knowledge Centre, which outlines red-flag message formats, real-world case studies and step-by-step recovery actions if service is lost. Quick Heal Technologies Limited will continue to collaborate with telecom operators, regulators and law-enforcement agencies to shut down malicious domains and expedite takedowns of phishing infrastructure.
