Breaking News
India’s National Cybercrime Threat Analytics Unit has issued a fresh advisory warning citizens about a sharp increase in USSD-based call forwarding scams that are enabling financial fraud and silent takeovers of bank and digital accounts. The alert, released under the Indian Cyber Crime Coordination Centre (I4C), highlights how fraudsters are exploiting basic telecom features to bypass security systems—without using the internet.
Officials said the scam relies heavily on social engineering, preying on users’ limited understanding of USSD codes, which are typically associated with routine telecom services such as balance checks or customer support functions.
How the Scam Operates
According to the advisory, scammers often impersonate courier or delivery agents and contact victims claiming that a parcel requires confirmation, address verification or rescheduling. Victims are then instructed—either during the call or via a follow-up message—to dial a USSD code, usually starting with *21*, followed by a phone number controlled by the fraudster.
Once the code is dialled, call forwarding is instantly activated on the victim’s phone. This causes all incoming calls—including bank verification calls, OTP alerts and authentication requests from platforms such as WhatsApp, Telegram and financial institutions—to be redirected directly to the scammer. With control over these verification channels, criminals can approve transactions, reset passwords and take over multiple accounts without the victim’s knowledge.
Why the Fraud Is Hard to Detect
The cybercrime unit noted that USSD codes function without internet connectivity and execute immediately, making the attack difficult to identify in real time. In many cases, victims receive no notification that call forwarding has been enabled on their device.
Because the scam exploits legitimate telecom features, traditional antivirus tools, spam filters and app-based security solutions often fail to flag or block the activity. Many victims only realise something is wrong after noticing unauthorised bank transactions or losing access to their digital accounts.
Precautions and Safety Measures
Authorities have urged users never to dial USSD codes beginning with 21, 61, 67 or similar prefixes when prompted by unknown callers. Anyone who suspects that call forwarding has been activated should immediately dial ##002# to cancel all call forwarding services.
Users have also been advised to avoid clicking on suspicious delivery-related links received via SMS, email or messaging apps, and to verify shipment details only through official courier websites or verified customer care numbers.
Any suspected cyber fraud should be reported immediately by calling the national cybercrime helpline 1930 or by filing a complaint on the official cybercrime reporting portal.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
