A new cybercrime wave exploits routine delivery calls to hijack phone lines through USSD codes. Victims unknowingly activate call forwarding, allowing fraudsters to intercept bank OTPs and verification calls. The National Cybercrime Threat Analytics Unit has issued warnings about this growing threat.
What Happened
The scam starts with a phone call. A person claiming to be a delivery agent contacts the victim about an expected package. The caller explains that the delivery system cannot verify the phone number and requests help fixing the issue.
The fraudster asks the victim to dial a short code containing numbers, asterisks, and hashes. The code appears technical and official. Victims comply, believing it is a standard verification step similar to other online transactions.
A notification briefly flashes on the phone screen before disappearing. The caller confirms completion and ends the conversation. No delivery arrives. Days later, the victim realizes something is wrong when calls stop coming through and friends report the number as unreachable.
All incoming calls now silently forward to the criminal’s number. Bank verification calls, OTP confirmations, and account recovery requests divert away from the legitimate owner. The victim has lost control of their phone line through one conversation and one dialed code.
How the Scam Works
Abhishek Mathew, cyber threat intelligence researcher at CloudSEK, explained the technical process. “The scam abuses legitimate GSM call-forwarding USSD commands such as 21# or 401#. When a user dials these codes, the telecom network treats it as an authorized subscriber action and updates the call-forwarding configuration at the network level.”
USSD stands for Unstructured Supplementary Service Data. These codes use special sequences of numbers, asterisks, and hashes to interact with telecom service providers without requiring an internet connection. The system runs on the network itself rather than on individual devices.
Mathew told Indian Express that once enabled, all incoming calls silently forward to the attacker’s number. “The victim’s phone often shows no incoming call at all, or only a missed-call indicator. All bank OTP calls, IVR verification calls, and app verification calls go directly to criminals.”
Why Victims Remain Unaware
Mathew explained why users fail to detect the fraud immediately. “Dialing a USSD code looks like a normal phone action, with no strong warning or confirmation naming the destination number. Call-forwarding is stored on the network, not locally on the device, so day-to-day phone usage appears normal.”
Banks and apps continue relying on voice-call OTPs. These now reach attackers directly. The compromise remains invisible until account takeovers or fraudulent transactions occur.
Who Gets Targeted
Mathew identified frequent users of online delivery and courier services as prime targets. “People are accustomed to receiving calls from delivery agents regarding address confirmation, OTPs, or rescheduling, so such interactions have very low suspicion thresholds.”
The attack works uniformly across major Indian operators including Jio, Airtel, and Vi. Codes like 21# or 401# function as legitimate subscriber commands on these networks. This uniformity makes the attack scalable regardless of the victim’s operator.
Common USSD Codes Used
Fraudsters commonly misuse several codes. 21# enables unconditional call forwarding. 401# activates call forwarding on some Indian networks. 61# and 67# enable conditional forwarding when the phone is busy or unanswered.
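A check a dialer app or helpdesk could run on a code before it is dialed, given here as an added example that is not from the article or any operator. It assumes the standard GSM prefix convention (the article names only the service numbers), and the sample phone number is a constructed placeholder.

```python
import re

# Service numbers the article names. 401 is operator-specific ("some Indian
# networks"); 002 is the "all forwarding" code behind the cancel string ##002#.
FORWARDING_CODES = {
    "21": "unconditional",
    "61": "when unanswered",
    "67": "when busy",
    "401": "operator-specific",
    "002": "all forwarding",
}

# Assumed GSM prefix convention: what the network is asked to do.
PREFIX_ACTIONS = {"**": "register", "*": "activate", "*#": "query",
                  "#": "deactivate", "##": "erase"}

# prefix, service number, optional forward-to number, optional extras, '#'
MMI = re.compile(r"^(\*\*|\*#|##|\*|#)(\d{2,3})(?:\*(\+?\d+))?(?:\*[\d*]*)?#$")


def classify(dialed: str) -> dict:
    """Describe what a dictated code would do to call forwarding."""
    code = re.sub(r"[\s\-]", "", dialed)  # callers read codes out with pauses
    m = MMI.match(code)
    if not m or m.group(2) not in FORWARDING_CODES:
        return {"forwarding": False, "verdict": "not a forwarding code"}
    action = PREFIX_ACTIONS[m.group(1)]
    # Only switching forwarding on is dangerous; query/cancel codes are safe.
    risky = action in ("register", "activate")
    return {
        "forwarding": True,
        "action": action,
        "service": FORWARDING_CODES[m.group(2)],
        "target": m.group(3),
        "verdict": "BLOCK: diverts calls" if risky else "safe",
    }


# Constructed sample inputs; the phone number is a placeholder.
SAMPLES = ["**21*9000000000#", "*401*9000000000#", "*#21#", "##002#", "*123#"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", classify(s))
```

The `target` field is the number calls would be diverted to, which is the detail the article notes the phone never shows the victim.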
Several indicators suggest call forwarding fraud. A sudden drop in incoming calls occurs first. Contacts report the phone as unreachable. OTP or verification calls from banks and UPI apps stop arriving. The phone displays an unexpected "call forwarding active" indicator. Unknown numbers appear listed under call forwarding settings.
Immediate Actions
Victims should dial ##002# immediately to cancel all call forwarding. Check call forwarding settings for each SIM card. Change passwords and PINs for banking, UPI, email, and messaging apps if exposure is suspected.
Manish Agrawal, senior executive vice president at HDFC Bank, emphasized prevention. “USSD-based call forwarding fraud is a growing threat that exploits unsuspecting citizens by tricking them into dialing special codes. With a few simple secure banking habits, citizens can protect themselves from such scams.”
Protection Steps
Agrawal recommended the LBW Rule. File complaints at cybercrime.gov.in or call 1930 for law enforcement. Contact your bank immediately if unauthorized transactions occur. Wipe devices completely and change passwords.
Never dial codes like 21, 61, or 67 when asked by unknown callers. Disconnect and call back using official customer care numbers. Check call forwarding status periodically through handset settings or operator apps.
Do not click suspicious courier or delivery tracking links. Never share OTPs, PINs, CVV, passwords, or card details with anyone. Do not ignore unusual network messages or sudden changes in call behavior.
Protection Table
| Warning Sign | Immediate Action |
|---|---|
| Calls not coming through | Dial ##002# to cancel forwarding |
| Friends report number unreachable | Check SIM call forwarding settings |
| No bank OTPs received | Change banking passwords immediately |
| Unknown forwarding indicator | Contact telecom operator |
| Suspicious delivery call received | Verify through official channels only |
The National Cybercrime Threat Analytics Unit continues monitoring this trend and urges citizens to report incidents immediately through official channels.