Cybercrime unit warns of rising USSD call forwarding scam targeting bank accounts

India’s National Cybercrime Threat Analytics Unit has issued a fresh advisory warning of a sharp rise in a USSD-based call forwarding scam that is enabling financial fraud and silent account takeovers. The alert, released under the Indian Cyber Crime Coordination Centre, highlights how criminals are exploiting basic telecom functions to bypass security protections without requiring any internet access.

According to the advisory, the scam relies heavily on social engineering and takes advantage of users’ limited awareness of USSD codes, which are commonly associated with routine telecom services.

How the scam works

Cybercriminals typically pose as courier or delivery agents, contacting victims to claim that a parcel delivery needs confirmation or rescheduling. During the call or through a follow-up SMS, victims are instructed to dial a USSD code that usually begins with 21, followed by a phone number controlled by the fraudster.

Once the code is entered, call forwarding is immediately activated on the victim’s phone. This results in all incoming calls, including bank verification calls, OTP confirmations and authentication requests from platforms such as WhatsApp or Telegram, being redirected directly to the scammer. With access to these verification channels, criminals are able to authorise transactions, reset passwords and take over multiple accounts without the victim realising it.

Why it is hard to detect

The cybercrime unit notes that USSD codes operate without internet connectivity and execute instantly, making the attack particularly difficult to identify. Victims often receive no notification that call forwarding has been enabled. In many cases, the first sign of trouble is the discovery of unauthorised bank transactions or the sudden loss of access to messaging and financial accounts.

Because the activity relies on legitimate telecom features, conventional antivirus software and spam filters are often unable to detect or block the scam.

Precautions and what users should do

Authorities have urged citizens never to dial USSD codes beginning with 21, 61, 67 or similar prefixes when instructed by unknown callers. Users who suspect call forwarding has been activated are advised to immediately dial ##002# to cancel all call forwarding services.

The advisory also warns against clicking suspicious delivery-related links received via SMS, WhatsApp or email, and recommends verifying shipment information only through official courier websites or verified customer care numbers. Any suspected fraud should be reported without delay by calling 1930 or through the national cybercrime reporting portal.