USSD Code Scam: Imagine you are waiting for delivery of an online order. Just then a call comes on your phone. The person in front introduces himself as a delivery agent and says that he is near your address, but your number is not being verified in the system. There is decency in the voice, the conversation seems absolutely normal and there is no doubt of any kind.
In the name of “fixing” the problem he asks you to dial a short code on the phone. Made up of numbers, stars and hashes, this code sounds technical and official. You feel that this is the same process as it has happened many times before, so you dial the code without thinking. A slight notification appears on the screen and disappears in the blink of an eye. The caller assures that the work is done and disconnects the phone.
Delivery doesn’t come, but you postpone it. The real trouble starts after this. Gradually you realize that calls have stopped coming on the phone. Important calls are being missed. Friends tell that your number is not available. Without you even realizing it, all your incoming calls have been forwarded to some other number. Bank verification calls, OTP, account recovery calls, everything silently reaches a cyber criminal.
What are USSD codes and how do fraudsters take advantage of them?
USSD i.e. Unstructured Supplementary Service Data is a technology that works on mobile networks without internet. Its use is common in facilities like banking, balance check or service request. These codes are not installed in the phone, but are directly connected to the telecom network. For this reason dialing them seems like a normal and safe process.
According to cyber security experts, fraudsters are misusing legitimate GSM USSD commands related to call forwarding. As soon as the user dials such a code, the network considers it as the customer’s permission and activates call forwarding at the network level. After this, the call not only does not come on the victim’s phone, but goes directly to the criminal’s number.
Why does the user not realize that he has become a victim of fraud?
The most dangerous thing about this type of fraud is that the user does not feel anything unusual immediately. Dialing a USSD code appears to be a common phone action and there is no clear warning or confirmation as to which number the call is being forwarded to. Since call forwarding is set up over the network, everyday phone use appears normal. Banks and many apps still depend on voice call OTP which directly reaches the fraudsters. Unless an incident like withdrawal of money from the account or account takeover occurs, the user does not even notice.
Who are the most targeted people
People who use online shopping and courier services a lot become the easiest victims of this scam. Calls from delivery agents are common, so there is very little chance of being suspicious of such calls. Once trust is built, fraudsters take advantage of the fact that USSD codes related to call forwarding work the same on most networks like Jio, Airtel and Vi. This scam is not based on any new data leak, but on the similarity of users’ habits and telecom systems.
What could be the early signs of danger?
If suddenly the calls on your phone reduce, people say that the number is not being received, you stop receiving OTP calls from the bank or UPI or you see a sign of call forwarding on the phone without any reason, then it can be an alarm bell. Many times an unknown number appears in the call forwarding settings which you have never added.
What to do immediately if you are stuck
If you suspect that this has happened to you, then first of all it is important to stop call forwarding completely. After this, check the settings of each SIM and immediately change the passwords and PINs of bank, UPI, email and messaging apps. It is very important to contact the bank and cyber crime helpline as soon as you get information about any suspicious transaction.
Warning from government and agencies
The Indian Cyber Crime Coordination Center and the Department of Telecommunications have continuously issued warnings about this type of fraud. Instructions were also given to stop USSD based call forwarding after April 2024, but despite this, such cases coming to light shows that technical flaws and lack of awareness still persist. Experts believe that warning alone is not enough, but features like call forwarding should also be considered as a sensitive security process like SIM swap.
Vigilance is the best security
The faster the digital world is progressing, the more cleverly cyber thugs are finding new ways. Even a simple delivery call can do a lot of harm if you dial a code without thinking. Do not trust any code given on unknown calls because a few seconds of carelessness can hand over your entire phone and your identity into the hands of fraudsters.
Also read:
Government’s big attack on spam calls! Jio-Airtel-VI exposed, TRAI imposes huge fine of Rs 150 crore
