New Delhi: Amid rapidly evolving cybercrime techniques, the Ministry of Home Affairs (MHA) has issued a public warning over a new USSD-based cyber fraud that enables criminals to gain unauthorised access to bank accounts and digital platforms. According to the ministry, fraudsters are misusing the call forwarding feature on mobile phones to intercept critical banking and authentication calls, leading to financial losses and account takeovers.
What makes the scam particularly dangerous is that it does not require internet access, mobile apps, or malware installation, making it difficult for users to detect and for conventional cybersecurity systems to block.
The advisory has been issued based on inputs from the National Cybercrime Threat Analytics Unit, operating under the Indian Cyber Crime Coordination Centre (I4C). Officials have flagged a sharp rise in complaints linked to call forwarding frauds across multiple states in recent months.
What is the USSD scam
USSD (Unstructured Supplementary Service Data) codes are special combinations of numbers along with asterisks (*) and hash (#) symbols, commonly used for legitimate purposes such as checking mobile balances, activating telecom services, or accessing basic phone functions.
However, cybercriminals are now exploiting these codes to covertly activate call forwarding on victims’ phones. Once enabled, all incoming calls—including those from banks, payment gateways, and messaging platforms—are automatically redirected to numbers controlled by the fraudsters.
As a result, one-time passwords (OTPs), verification calls, and security alerts meant for the victim are received directly by the criminals, allowing them to carry out unauthorised financial transactions and hijack WhatsApp, Telegram, and other linked accounts.
Delivery calls used as bait
According to the MHA, the most common modus operandi involves fraudsters posing as courier or delivery service agents. Victims are told that a parcel delivery requires confirmation or rescheduling. Under this pretext, the caller sends a USSD code via SMS and urges the recipient to dial it immediately.
These codes typically begin with 21, followed by a mobile number belonging to the fraudster. The moment the code is dialled, call forwarding is activated—often without the victim fully understanding the consequences.
Officials noted that many victims realise something is wrong only after money has been siphoned from their accounts or when they suddenly lose access to their messaging platforms.
No internet, no app—yet high impact
The ministry has cautioned that the scam works entirely offline, without requiring internet connectivity or malicious software. Its simplicity and reliance on social engineering make it particularly effective, especially among users unfamiliar with telecom features.
Because USSD codes are widely used for legitimate services, victims often lower their guard, assuming the request to be harmless. This has allowed fraudsters to bypass traditional cybersecurity filters and operate undetected.
MHA issues clear precautions
To safeguard citizens, the Ministry of Home Affairs has issued the following advisories:
- Do not dial any USSD code shared by unknown or suspicious callers, especially those starting with 21, 61, 67, or similar prefixes
- If call forwarding has been activated unknowingly, immediately dial ##002# to deactivate all call forwarding services
- Avoid clicking on courier or delivery-related links received via SMS, WhatsApp, or email
- Always verify delivery details directly through the official website or customer care helpline of the courier company
How to report cyber fraud
- Citizens who encounter such scams or suspect fraudulent activity have been urged to act without delay:
- Call the national cybercrime helpline number 1930, or
- File a complaint on the official cybercrime portal: www.cybercrime.gov.in
The Ministry reiterated that public awareness remains the strongest defence against emerging cyber threats. Mobile users have been advised to remain cautious while dealing with unsolicited calls and messages, and to avoid acting in haste under pressure.
Officials indicated that continued monitoring and analysis of such fraud patterns is underway, and further advisories may be issued as cybercriminal tactics evolve.
