A new kind of cyber fraud is rapidly spreading across the country — one where criminals trick mobile users into dialing a small USSD code and secretly turn call forwarding on. According to the Ministry of Home Affairs–backed Indian Cyber Crime Coordination Centre (I4C), the scam is primarily targeting people who frequently use online delivery and courier services.
As soon as the victim dials the USSD code, bank-related and OTP verification calls begin to get diverted directly to numbers controlled by the fraudsters. Authorities say several cases of unauthorized bank transactions and even takeovers of WhatsApp, Telegram and other messaging accounts have been reported.
The Future Crime Research Foundation (FCRF) warns that the trend is no longer limited to metros — it is now penetrating smaller towns and rural areas, with organized gangs misusing telecom settings in sophisticated ways.
What is USSD — and how scammers change the rules of the game
USSD (Unstructured Supplementary Service Data) codes are short service codes that start and end with “*” and “#”. They are normally used for checking balance, activating plans or changing network settings — and they do not require internet connectivity.
This convenience has now become a powerful weapon for cybercriminals. Their method usually looks like this:
- First, they call pretending to be courier or delivery agents
- They create urgency saying “address confirmation” or “re-delivery needed”
- Then they ask the victim to dial a “small code” — usually 21, 61 or 67
- Once dialed, call forwarding gets activated on the victim’s phone
- From then on, bank verification, OTP and authentication calls get routed to the scammer’s number
Victims often believe their phone is simply malfunctioning — while, in reality, every important call is silently diverted. Since many services still rely on call-based authentication, criminals gain access without even asking for passwords.
Expert view — “Urgency is their biggest weapon”
Former IPS officer and well-known cyber crime expert Prof. Triveni Singh says scammers always create a sense of panic and hurry.
“If any caller forces you to dial a code, share an OTP or transfer a call — stop right there. It is almost certainly suspicious. Disconnect immediately and do not call back.” — Prof. Triveni Singh
He advises users to regularly check their call-forwarding settings and disable anything unfamiliar.
FCRF further notes that in the coming years, the mix of “social engineering + telecom settings” could become one of the biggest cyber-crime challenges — making awareness and fact-verification absolutely critical.
How to stay safe — key advice from I4C and FCRF
Authorities have urged citizens to follow these precautions:
- Never dial any USSD code like 21, 61, 67 sent by unknown people
- If you suspect call forwarding is active, dial ##002# to switch it off
- Avoid suspicious courier-tracking, re-delivery or bank verification links
- Always verify information only through official websites or customer care
- Report fraud immediately to the 1930 helpline or cybercrime.gov.in
Experts say even a little caution can prevent major financial loss. Think twice before changing any phone setting — and if something feels doubtful, simply say “no” and hang up.
