NewKerala.com

Cyber Scammers Hijack Calls Using USSD Codes - I4C Issues Urgent Alert

The Indian Cyber Crime Coordination Centre (I4C) has issued a warning about a sophisticated scam where fraudsters trick victims into activating call forwarding using USSD codes. By impersonating delivery agents, they get users to dial codes like *21# followed by a scammer's number, which secretly reroutes all incoming calls and critical authentication alerts. This allows criminals to intercept bank OTPs, WhatsApp verification codes, and other sensitive information, leading to financial fraud and account takeovers. Citizens are advised never to dial unknown USSD codes, to deactivate forwarding with ##002#, and to report incidents to the national helpline 1930.

Key Points: USSD Call Forwarding Scam Alert by I4C | Protect Your OTPs

  • Scammers use USSD codes to reroute calls & OTPs
  • Impersonate delivery agents to trick victims
  • Dial ##002# to deactivate call forwarding
  • Report fraud to helpline 1930 or cybercrime.gov.in
3 min read

Cyber alert: Scammers reroute calls and alerts

Cybercriminals are hijacking bank OTPs & alerts by tricking victims into activating call forwarding via USSD codes. Learn how to deactivate and stay safe.

"This can lead to unauthorised financial transactions and takeover of messaging accounts - I4C officials"

By Rajnish Singh, New Delhi, January 7

Be alert, as a routine phone call or an innocent delivery update could quietly hand over control of your most sensitive digital information to a fraudster.

An alarming trend is being registered increasingly as the cybercriminals are exploiting the call forwarding feature on mobile phones to secretly reroute incoming calls and critical alerts, such as bank OTPs and authentication codes, to their own numbers.

The trend has prompted a warning from the Indian Cyber Crime Coordination Centre (I4C) under the Ministry of Home Affairs, which says scammers are turning a legitimate telecom function into a powerful tool for financial fraud and account takeovers.

By the time a victim realises something is wrong, verification calls from banks or security alerts from apps may already be reaching a criminal's phone, leaving the user locked out and vulnerable.

Authorities say the growing sophistication of such scams highlights the urgent need for greater public awareness about how everyday mobile features can be weaponised by cybercriminals.

In an official advisory, the National Cybercrime Threat Analytics Unit of I4C flagged a rising trend of USSD-based call forwarding scams. USSD (Unstructured Supplementary Service Data) codes are special sequences of numbers and symbols, such as "*" and "#", that allow users to access telecom services without an internet connection.

According to the advisory issued last month, fraudsters are impersonating delivery or courier service agents and contacting citizens on the pretext of confirming or rescheduling deliveries. Victims are then asked to dial USSD codes sent via SMS, typically starting with 21, followed by a mobile number controlled by the scammer.

Officials said dialling such codes automatically activates call forwarding on the victim's phone, resulting in incoming calls from banks, payment OTP verifications, and authentication messages from platforms like WhatsApp and Telegram being redirected to the fraudster.

"This can lead to unauthorised financial transactions and takeover of messaging accounts," said the officials.

The I4C has cautioned citizens not to dial or enter any USSD codes beginning with 21, 61, 67, or similar prefixes shared by unknown callers.

In case call forwarding has already been activated, users can immediately deactivate all forwarding services by dialling ##002#.

The advisory also urges people to avoid clicking on suspicious courier or delivery links received via SMS, WhatsApp, or email, and to verify delivery details directly through official courier websites or customer care helplines.

"Victims of such scams have been advised to report incidents immediately by calling the national cybercrime helpline 1930 or by lodging a complaint on www.cybercrime.gov.in," the officials suggest.

- ANI

Share this article:

Reader Comments

R
Rohit P
The ##002# deactivation code is a lifesaver. I think telecom companies should send this info as a bulk SMS to all users. Public awareness is key. Good that I4C is issuing these warnings.
D
David E
As someone who works in tech, the sophistication is alarming. They're exploiting basic telecom features. A respectful suggestion: the advisory should also clearly state that no legitimate courier will EVER ask you to dial a USSD code. That point needs to be hammered home.
S
Suresh O
Bhai, yeh scams har roz naye avtar mein aate hain. First it was fake KYC calls, now this. We need stricter punishment for these cyber thugs. Also, banks should have a secondary layer of authentication that isn't just SMS-based.
A
Anjali F
Shared this in my housing society WhatsApp group immediately. Many aunties and uncles order things online regularly and could easily fall for the "courier agent" story. Thank you for the clear information and the helpline number.
M
Michael C
The fact that this doesn't require internet makes it so dangerous. It can target anyone with a basic phone. A crucial read for all.

We welcome thoughtful discussions from our readers. Please keep comments respectful and on-topic.

Leave a Comment

Minimum 50 characters 0/50