Cybersecurity experts have raised alarms about a growing scam in India where fraudsters use USSD codes to silently take control of a user’s phone calls and messages. The National Cybercrime Threat Analytics Unit under the Indian Cybercrime Coordination Centre (I4C) has observed this worrying trend affecting users nationwide.
How the Scam Works
The scam typically begins with a caller pretending to be a delivery agent. The caller informs the victim that their phone number needs to be verified for an online order and asks them to dial a seemingly technical code composed of numbers, asterisks, and hash symbols. This code, often resembling legitimate verification steps, enables call forwarding silently, directing all incoming calls and messages to the scammer’s device.
Victims usually notice the problem only after their phone stops receiving calls, friends report the number as unreachable, and important calls such as bank OTPs fail to come through. The scam exploits the uniformity of call-forwarding USSD codes used by major Indian telecom operators like Jio, Airtel, and Vi.
Understanding USSD Codes
USSD (Unstructured Supplementary Service Data) codes are short codes made up of numbers and symbols that allow users to interact with telecom services instantly. While these codes serve legitimate purposes, they can be misused when instructed by unknown callers. Enabling call forwarding via these codes gives scammers access to verification calls, enabling them to intercept OTPs, reset passwords, and potentially access financial accounts without the victim’s knowledge.
Protective Measures for Users
Experts advise users to remain vigilant and cautious when receiving calls from unknown numbers, especially those claiming to be delivery agents or support personnel asking to dial USSD codes. The recommended “LBW Rule” for victims includes:
- Law Enforcement: Immediately report suspicious activity at cybercrime.gov.in or call 1930.
- Bank: Contact your bank promptly if you notice unauthorized transactions on your cards, net banking, or UPI accounts.
- Wipe: Secure your devices by wiping data if necessary and changing all passwords.
Additional precautions include verifying callers by disconnecting and calling back on official numbers, regularly checking call forwarding status, and managing call forwarding settings only through official operator apps or handset settings. Users should avoid dialing, saving, or sharing suspicious USSD codes like *21*#, *401*#, *61*#, and *67*# when prompted by unknown callers, regardless of the reason given.
Implementing strong security on banking and financial apps, including device locks, in-app PINs, and transaction alerts, is also essential. Awareness of sudden changes in call behaviour, such as repeated call forwarding tones, can help detect potential fraud early.
By following these guidelines, users can better protect themselves from the rising threat of USSD call forwarding scams that can compromise their phone communications and financial security.
Leave a Comment