New Delhi | If your phone suddenly goes silent — and the usual bank OTP calls or verification alerts stop appearing — it may not just be a network glitch. It could be the sign of a sophisticated cyber fraud quietly taking control of your digital life.
Over the past few months, authorities have observed a sharp spike in cases where cybercriminals exploit the call forwarding feature on mobile phones. By quietly diverting incoming calls and verification alerts to their own numbers, scammers gain access to victims’ bank accounts, digital wallets and messaging apps — often before the user even realises something is wrong.
Final Call: FCRF Opens Last Registration Window for GRC and DPO Certifications
I4C flags emerging scam: turning a legitimate feature into a weapon
The Indian Cyber Crime Coordination Centre (I4C) under the Ministry of Home Affairs has sounded the alarm, calling it an emerging USSD-based call forwarding scam.
USSD (Unstructured Supplementary Service Data) codes — the short combinations of numbers and symbols like * and # — are meant to help users access telecom services even without internet. But the same convenience is now being repurposed by fraudsters.
The script: “Delivery verification” call — followed by a dangerous code
According to the advisory, scammers contact citizens while pretending to be:
- courier or delivery staff
- SIM verification executives
- parcel rescheduling agents
Victims are told that their parcel may be “returned” or delivery may be cancelled — unless they dial a “verification code” immediately.
These codes generally begin with 21 and are linked to a mobile number controlled by the scammer.
The moment the victim dials the code, call forwarding is activated automatically on their phone.
From that point on:
- bank verification calls
- payment OTP alerts
- WhatsApp and Telegram authentication messages
are silently redirected to the fraudster’s device — allowing them to reset passwords, log into accounts and lock victims out entirely.
Which codes are dangerous?
I4C has issued a clear warning:
Do not dial any USSD code beginning with 21, 61, 67 or similar prefixes — especially if someone asks you to do it over a call.
Users are also advised not to manually activate call forwarding unless they fully understand its purpose.
If call forwarding is already active — what should you do?
If you suspect you may have dialed such a code, authorities recommend immediately dialing:
##002#
This command disables all active call-forwarding services.
Additionally, users should:
- change passwords and PINs
- review bank / UPI transaction history
- verify any suspicious login alerts across apps
Beware of delivery links and urgent messages
Officials also warn that scammers increasingly send fake courier or delivery links to pressure users into acting quickly.
Safer alternatives include:
- checking delivery status only through official courier apps or websites
- avoiding unknown links received on SMS or WhatsApp
- contacting customer care numbers found directly on official websites
Where and how to report cyber fraud
If you suspect that:
- call forwarding was activated
- an unauthorized transaction occurred
- your messaging or bank account was compromised
report immediately:
- National Cyber Helpline: 1930
- www.cybercrime.gov.in
Authorities emphasize that quicker reporting significantly improves the chances of freezing fraudulent transactions and tracing organised cybercrime networks.
About the author — Suvedita Nath is a science student with a growing interest in cybercrime and digital safety. She writes on online activity, cyber threats, and technology-driven risks. Her work focuses on clarity, accuracy, and public awareness.
