MHA Alert: New USSD Scam Involve Bank Accounts Hijacking via Call Forwarding
“Latest alerts here: latest USSD scam involves call forwarding that results in hijacking bank accounts.”
The Ministry of Home Affairs (MHA) has issued a public warning over a new USSD-based cyber fraud that allows thieves to obtain unauthorized access to bank accounts and digital platforms amid swiftly changing cybercrime techniques.
Ministry of Home Affairs
| Financial losses and account takeovers result from fraudsters abusing mobile phones’ call forwarding feature to intercept crucial banking and authentication calls. |
The fraud is especially dangerous because it doesn’t require internet connectivity, mobile apps, or the installation of malware, which makes it challenging for customers to identify and for traditional cybersecurity measures to stop.
The National Cybercrime Threat Analytics Unit, which is part of the Indian Cyber Crime Coordination Center (I4C), provided input that was used to issue the advice. In recent months, authorities in several states have reported a substantial increase in complaints related to call forwarding fraud.
The USSD scam: what is it?
USSD (Unstructured Supplementary Service Data) codes are unique numerical combinations accompanied by asterisks (*) and hash (#) symbols. They are frequently utilized for legitimate purposes, such as follows:
- Accessing Basic Phone Features,
- Checking Mobile Balances, and
- Activating Telecom Services.
But these codes are now being used by cybercriminals to secretly enable call forwarding on victims’ phones. All incoming calls, including those from banks, payment gateways, and messaging services, are automatically routed to numbers under the fraudsters’ control once they are enabled.
Consequently, the criminals receive security alerts, verification calls, and one-time passwords (OTPs) intended for the victim directly, enabling them to conduct illicit financial transactions and take control of WhatsApp, Telegram, and other associated accounts.
MHA
| The most popular strategy is for scammers to pretend to be delivery or courier service representatives. Victims are informed that a package delivery needs to be confirmed or rescheduled. The caller uses this pretext to send an SMS with a USSD code and requests that the recipient dial it right away.
Usually, these codes start with 21 and are followed by the fraudster’s mobile number. Call forwarding is frequently initiated as soon as the code is entered without the victim fully comprehending the implications. |
Officials
| Many victims don’t realize something is amiss until money has been embezzled from their accounts or they abruptly lose access to their chat apps. |
No app, no internet, yet significant impact
The government has issued a warning since the scam operates completely offline and doesn’t require harmful software or internet access. It works especially well with people who are not familiar with telecom services because of its simplicity and focus on social engineering.
Due to the widespread use of USSD codes for genuine services, victims frequently let their guard down, believing the request to be innocuous. This has made it possible for scammers to operate covertly and get over conventional cybersecurity safeguards.
MHA provides explicit safety measures
The Ministry of Home Affairs has released the following advisories to protect citizens:
- Any USSD code shared by unknown or questionable callers should not be dialled, especially if it begins with 21, 61, 67, or a similar prefix.
- Dial ##002# right away to stop all call forwarding services if call forwarding has been inadvertently enabled.
- Refrain from clicking on links pertaining to couriers or deliveries that you get via email, WhatsApp, or SMS.
- Always use the courier company’s official website or customer service hotline to confirm delivery details.
How may cyber fraud be reported?
- People have been advised to take immediate action if they come across such schemes or suspect fraudulent activity:
- Dial 1930, the national helpline for cybercrime, or
- Use the official cybercrime portal at www.cybercrime.gov.in to file a complaint.
The Ministry reaffirmed that the best defense against new cyberthreats is still raising public awareness. Mobile users have been cautioned not to behave hastily under duress and to exercise caution when responding to unwanted calls and messages.
According to officials, there is ongoing monitoring and study of these fraud tendencies, and when cybercriminals’ strategies change, more caution may be taken.
About The Author
Suraj Koli is a content specialist in technical writing about cybersecurity & information security. He has written many amazing articles related to cybersecurity concepts, with the latest trends in cyber awareness and ethical hacking. Find out more about “Him.”
Read More:
Hackers Associated with Russia Use Microsoft 365 Device Code Phishing to Take Over Accounts.
About Author
English