ussd scamcall forwarding fraudotp theftaccount takeover

New Cyber Traps: How Your Phone’s "Backstage Language" Is Being Used Against You

S
Scam Mukt Admin
Contributor
July 7, 2026
< 5 min read
New Cyber Traps: How Your Phone’s "Backstage Language" Is Being Used Against You

The Delivery Hitch You Didn’t See Coming

Imagine you are expecting a package. Your phone pings with a call from a "delivery agent" claiming there is a minor hitch with your courier. To resolve it, they ask you to dial a short string of numbers on your phone to "confirm" your details. It sounds routine, almost helpful. However, a high-priority I4C warning (Indian Cyber Crime Coordination Centre) has flagged this as a sophisticated call forwarding scam designed for OTP theft. This simple act is the digital equivalent of handing a burglar the keys to your home vault. Cyber crime units are seeing a massive surge in these attacks, where criminals use mobile network protocols to hijack your communications and drain your financial accounts.

Takeaway #1: The USSD Code is a Digital Skeleton Key

The core of this threat lies in Unstructured Supplementary Service Data (USSD). Think of USSD as the "backstage language" of your mobile network—strings of asterisks, numbers, and hashes (like *121#) used to check balances or activate services without an internet connection.

The National Cybercrime Threat Analytics Unit (NCTAU) has alerted state nodal bodies, including the Gujarat CID, that fraudsters are moving toward USSD because it is a network-level protocol. Unlike malicious apps, USSD communicates directly with the cellular signaling channel, meaning it bypasses device-level security like antivirus or sandboxed operating system environments.

In this specific social engineering tactic, fraudsters trick victims into dialing a code starting with 21 followed by a 10-digit mobile number.

 

Expert Warning: The moment you hit "call" after entering the code, you aren't talking to a human or a courier service. You are performing a network-side redirection, handing over the keys to your communication vault.

Takeaway #2: Total Interception and Account Takeover (ATO)

Once you activate call forwarding to a fraudster's number, you lose "Digital Sovereignty." Every call meant for you is silently diverted to the criminal’s handset. This allows for total Account Takeover (ATO) fraud, as the scammer can now intercept the most sensitive entry points to your digital identity:

  • Voice-Based One-Time Passwords (OTPs): Critical for authorizing high-value bank transactions.

  • Bank Verification Calls: Diverted calls allow scammers to pose as you during security checks.

  • App Authentication Codes: Scammers use these to hijack accounts on platforms like WhatsApp and Telegram.

Takeaway #3: The "Passive Income" Trap of WhatsApp Rentals

The I4C and NCTAU have also flagged a rising trend: the WhatsApp "Rental" scam. Advertised on platforms like Facebook and Instagram, these ads lure users with promises of "easy passive income" for a simple 10% referral commission.

Victims are asked to link their WhatsApp accounts to a third-party platform via a QR code. In reality, you are converting your personal account into a "mule account." Scammers use your legitimate-looking profile as a "shield" to launch phishing attacks or distribute malicious content. By the time law enforcement tracks the crime, the transnational criminals have vanished, leaving your phone number and identity as the only evidence at the "crime scene." This puts victims at severe risk of criminal prosecution as legal accessories.

Takeaway #4: The Slow-Burn Trust of Dating Platform Frauds

Matrimonial and dating platforms have become the latest hunting grounds for Account Takeover and investment scams. These are "slow-burn" frauds designed to erode logical thinking through emotional manipulation.

Stage 1: Building Trust Scammers create fake, high-status profiles—often claiming to be wealthy professionals working overseas—and engage in weeks of conversation to lower the victim’s guard.

Stage 2: The Psychological Trigger Once trust is absolute, the fraudster introduces an "urgent investment pitch," typically involving cryptocurrency or high-return schemes. The "urgency" is a calculated psychological trigger designed to bypass skepticism, leading victims to transfer massive sums of money before they realize the relationship was a fabrication.

The Mandatory "Kill-Switch": How to Protect Yourself

If you suspect your phone has been compromised or you have dialed a suspicious code, you must act immediately to neutralize the threat.

  1. Monitor for Signs: If you stop receiving calls or see "Call Forwarding Active" notifications, your device is compromised.

  2. Dial ##002# immediately: This is the universal USSD "kill-switch." Dialing this code instantly deactivates all call forwarding services on your device.

  3. Audit Your Links: Go to WhatsApp Settings > Linked Devices and log out of any recognized sessions. Never link your account to unknown platforms via QR codes for "passive income."

People Also Ask (SEO FAQ)

What happens if I dial 21 followed by a phone number?

Dialing this code activates unconditional call forwarding. It instructs your mobile network to redirect all incoming voice calls and voice-based OTPs to the 10-digit number provided, allowing a cybercriminal to intercept your private communications.

How do I stop all call forwarding on my phone instantly?

You can instantly deactivate all call forwarding and redirection services by dialing the universal USSD "kill-switch" code: ##002#.

What is the WhatsApp Rental scam, and is it illegal?

The WhatsApp Rental scam involves "renting" your account to third parties for a commission. It is highly dangerous and can lead to legal trouble, as your account is used as a "mule" for transnational crimes, making you a potential accessory to fraud.

How do cybercrooks get my bank OTP through call forwarding?

When call forwarding is active, any voice-based OTPs or verification calls from your bank are redirected to the fraudster’s handset instead of yours. This allows them to bypass two-factor authentication and authorize unauthorized transactions.

Conclusion: A Final Thought on Digital Sovereignty

The evolution of USSD-based scams proves that as we bolster our app and internet security, criminals simply move "down-stack" to the hidden protocols of the network itself. While we have learned to guard our passwords, we often leave the "backdoor" of our mobile signaling channel wide open.

As the I4C and NCTAU continue to monitor these surging threats, we must ask ourselves: In an age of total connectivity, are we paying enough attention to the silent vulnerabilities in the everyday technologies we trust with our lives?

Share this article