The National Cybercrime Threat Analytics Unit has issued a fresh advisory warning citizens about a growing USSD-based call forwarding scam that is leading to financial fraud and account takeovers. The alert has been released under the Indian Cyber Crime Coordination Centre, highlighting how criminals are misusing basic telecom features to bypass security safeguards without requiring internet access .
According to the advisory, the scam relies on social engineering and exploits users’ unfamiliarity with USSD codes, which are commonly used for telecom services.
How the USSD call forwarding scam works
The advisory explains that cybercriminals are impersonating courier or delivery agents and contacting victims under the pretext of confirming or rescheduling a parcel delivery. During the call or through an SMS, victims are asked to dial a USSD code that typically begins with 21, followed by a mobile number controlled by the fraudster.
Once the code is dialled, call forwarding is automatically enabled on the victim’s phone. As a result, incoming calls from banks, OTP verification systems, and authentication calls from apps such as WhatsApp or Telegram are redirected directly to the scammer. This allows criminals to approve transactions, reset passwords, and take over accounts without the victim’s immediate knowledge .
Why this scam is difficult to detect
The unit notes that USSD codes function without internet access and execute instantly, making them especially dangerous. Victims may not receive alerts indicating that call forwarding has been activated. In many cases, users only realise something is wrong after unauthorised bank transactions occur or their messaging accounts are locked out.
Because the process uses legitimate telecom features, traditional antivirus tools and spam filters may not detect or block the activity.
Precautions advised by cybercrime authorities
The advisory urges users not to dial or enter any USSD codes beginning with 21, 61, 67, or similar prefixes when shared by unknown callers. If call forwarding has already been enabled, users are advised to dial ##002# to immediately cancel all call forwarding services.
Citizens are also cautioned against clicking suspicious delivery-related links received via SMS, WhatsApp, or email, and to verify delivery details only through official courier websites or customer care numbers. Any incident of fraud should be reported immediately by calling 1930 or through the national cybercrime reporting portal .
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
