NEW DELHI: What begins as a routine phone call about a missed delivery can, within minutes, quietly divert bank alerts and verification calls to a criminal’s phone leaving victims locked out of their own accounts before they realize what has happened.
A Routine Call That Alters Control
In recent weeks, Indian authorities have sounded an alarm over a deceptively simple scam that exploits a long-standing mobile phone feature: call forwarding. According to an advisory issued by the Indian Cyber Crime Coordination Centre (I4C), fraudsters are increasingly impersonating courier or delivery service agents, contacting citizens under the pretext of confirming or rescheduling a package.
The interaction is designed to feel ordinary. Victims are told there is a minor issue with a delivery and are asked to dial a short code often sent via SMS to “confirm” details. The codes typically begin with prefixes such as 21, 61, or 67, sequences that appear innocuous to most mobile users. But officials say entering these codes can have immediate and serious consequences.
Final Call: FCRF Opens Last Registration Window for GRC and DPO Certifications
Once dialed, the codes silently activate call forwarding on the victim’s phone, redirecting incoming calls to a number controlled by the scammer.
How USSD Codes Are Being Misused
The mechanism at the heart of the scam relies on USSD, or Unstructured Supplementary Service Data, a telecom protocol that allows users to access network services without an internet connection. USSD codes, which include combinations of numbers and symbols such as “*” and “#,” are commonly used for legitimate purposes like checking balances or managing call settings.
In this case, officials say, fraudsters are weaponizing those same functions. By persuading victims to dial specific USSD sequences, scammers are able to reroute incoming calls without requiring access to the handset itself.
Authorities note that the redirection can affect critical communications: verification calls from banks, one-time password (OTP) confirmations for payments, and authentication messages from platforms such as WhatsApp and Telegram. These calls and alerts, instead of reaching the intended recipient, are diverted to the fraudster’s phone.
When Alerts Reach the Wrong Phone
By the time many victims sense that something is amiss, the damage may already be underway. Officials say verification calls from banks or security alerts from apps may be reaching a criminal’s device, allowing unauthorized financial transactions or the takeover of messaging accounts.
“This can lead to unauthorised financial transactions and takeover of messaging accounts,” officials said, warning that the delay between activation and detection leaves users particularly vulnerable.
The advisory underscores that the scam does not rely on malware or hacking software. Instead, it exploits trust, routine behavior, and a lack of public awareness about how everyday mobile features can be manipulated.
Warnings, Safeguards, and Reporting Channels
In response, the I4C has cautioned citizens not to dial or enter any USSD codes beginning with 21, 61, 67, or similar prefixes when shared by unknown callers. Users who suspect that call forwarding has already been activated are advised to immediately deactivate all forwarding services by dialing ##002#.
The advisory also urges people to avoid clicking on suspicious courier or delivery links received via SMS, WhatsApp, or email, and to verify delivery details only through official courier websites or customer care helplines.
Victims of such scams have been asked to report incidents without delay by calling the national cybercrime helpline 1930 or by lodging a complaint through the government’s cybercrime portal. Authorities say timely reporting can help limit financial losses and aid investigations into what they describe as a growing and increasingly sophisticated form of telecom-enabled fraud.
