New Delhi

A simple phone call or what appears to be a harmless delivery update could quietly give cybercriminals access to your most sensitive digital information, authorities have warned.

Investigators are seeing a sharp rise in scams where fraudsters misuse the call-forwarding feature on mobile phones to divert incoming calls and security alerts, such as bank verification calls and one-time passwords (OTPs) to numbers controlled by them. The tactic allows criminals to hijack accounts without the victim immediately realizing something is wrong.

The Indian Cyber Crime Coordination Centre (I4C), operating under the Ministry of Home Affairs, has issued an alert, stating that scammers are exploiting legitimate telecom features to carry out financial fraud and account takeovers. By the time users notice unusual activity, critical calls and authentication alerts may already be landing on a fraudster’s phone, effectively locking victims out of their own accounts.

Officials say the growing sophistication of such methods highlights the need for increased public awareness about how everyday mobile phone functions can be misused.

In a recent advisory, the National Cybercrime Threat Analytics Unit of I4C flagged a surge in scams involving USSD-based call forwarding. USSD (Unstructured Supplementary Service Data) codes combinations of numbers and symbols like “*” and “#” are commonly used to access telecom services without internet connectivity.

According to the advisory, scammers often pose as courier or delivery service representatives and contact individuals claiming there is an issue with a shipment. Victims are then asked to dial a USSD code sent via SMS, typically starting with “21” followed by a phone number belonging to the fraudster.

Dialling such codes automatically enables call forwarding on the victim’s device. As a result, incoming calls from banks, OTP verification messages, and security alerts from apps such as WhatsApp or Telegram are redirected to the scammer’s phone.

“This enables unauthorised financial transactions and can lead to complete takeover of messaging and payment accounts,” officials said.

The I4C has cautioned citizens against dialing or entering any USSD codes beginning with prefixes such as 21, 61, 67, or similar numbers shared by unknown callers. If call forwarding has already been activated, users can immediately disable all forwarding services by dialling ##002#.

READ MORE: IUML's Fatima Muzaffar Ahmed is the epitome of Muslim woman leadership

Authorities have also advised people to avoid clicking on suspicious delivery or courier links received via SMS, WhatsApp, or email, and to confirm shipment details only through official courier websites or verified customer care numbers.

Victims of cyber fraud are urged to report incidents without delay by calling the national cybercrime helpline 1930 or filing a complaint on www.cybercrime.gov.in.