No call, no link, no Clue: This Bengaluru youth loses ₹7.2 lakh in SIM swap fraud

A 27-year-old Bengaluru resident lost ₹7.2 lakh from his bank account in a sophisticated SIM-swap fraud that unfolded without a single phone call, suspicious link or direct interaction with scammers, as per reported by The 420.

According to cybersecurity experts, the fraudsters managed to transfer the victim’s mobile number to another SIM card without his knowledge, allowing them to intercept banking One-Time Passwords (OTPs) and transaction alerts. The incident highlights a growing threat in which criminals can gain access to bank accounts without tricking victims into clicking malicious links or sharing sensitive information.

Don’t Miss: ‘Cockroaches rocked’: Prakash Raj supports CJP’s Protest demanding Dharmendra Pradhan’s resignation

No call, no link: How the fraud unfolded

In a typical SIM-swap attack, fraudsters transfer a target’s mobile number to a SIM card under their control. Once the transfer is complete, all OTPs and banking notifications are routed to the new device, giving criminals access to online banking services. Because the compromise takes place at the telecom network level, victims often remain unaware until money has already been withdrawn from their accounts.

The SIM lock feature many users overlook

To reduce the risk of such attacks, security experts recommend enabling a SIM lock on smartphones. The feature requires a Personal Identification Number (PIN) before the SIM can connect to a network, adding an extra layer of protection even if a SIM card is cloned, stolen or fraudulently ported.

On Android devices, users can activate the feature by going to Settings, then Security & Privacy, selecting More Security Settings and enabling the SIM Card Lock option. The device will then prompt users to create a PIN. Experts caution that entering an incorrect PIN three times can lock the SIM, requiring a Personal Unlocking Key (PUK) from the telecom operator to restore access.

For iPhone users, the setting can be enabled through Settings, then Cellular, followed by the SIM PIN section. Security professionals advise against using easily guessable combinations such as “0000” or “1234” as PINs.

Why experts are moving away from SMS-based OTPs

Experts also recommend moving away from SMS-based two-factor authentication for critical accounts such as Gmail and internet banking. Instead, users should consider dedicated authentication apps like Google Authenticator or Microsoft Authenticator. Unlike SMS OTPs, these applications generate time-sensitive codes directly on the device, making them immune to interception through SIM-swap attacks.

The warning sign you should never ignore

Consumers are also urged to pay close attention to sudden and unexplained loss of mobile network service. If cellular connectivity disappears and does not return after restarting the phone or toggling Airplane Mode, users should immediately contact their telecom provider. Where possible, they should visit an authorised retail outlet so technicians can verify whether the number has been fraudulently ported and issue a replacement SIM if necessary.

The Bengaluru case serves as a reminder that cybercriminals no longer need victims to click on suspicious links or share passwords. In some cases, simply taking control of a mobile number can be enough to empty a bank account.