USSD Call Forwarding Scam Exploits Telecom Gaps to Hijack Indian Financial Accounts
A sophisticated fraud campaign is sweeping across India, where criminals are hijacking bank accounts and digital identities by exploiting basic telecom features through USSD-based call forwarding scams. India's National Cybercrime Threat Analytics Unit has issued an urgent advisory warning citizens that fraudsters are bypassing security systems without requiring any internet connection, instead leveraging the ubiquitous USSD codes that power everyday telecom services.
The scam, the subject of alerts from the Indian Cyber Crime Coordination Centre (I4C), has triggered alarm among cybersecurity experts due to its simplicity and devastating effectiveness. Victims remain unaware that their calls are being rerouted until they discover unauthorized transactions or locked accounts.
Background and Context
USSD (Unstructured Supplementary Service Data) codes have long provided Indian mobile users with instant access to telecom functions—checking balance, activating data plans, or reaching customer support—all without internet connectivity. According to Telecom Regulatory Authority of India (TRAI) guidelines, these codes execute immediately upon dialing, a feature that has now become a vulnerability.
The convergence of India's rapid digital payments adoption—worth over $3 trillion annually according to Reserve Bank of India data—with limited public awareness about telecom security has created ideal conditions for such scams to flourish. Previous cybercrime reports have highlighted how fraudsters continuously adapt their methods to exploit technological gaps in emerging digital ecosystems.
Key Figures and Entities
According to the advisory, perpetrators typically impersonate delivery agents from major courier services, contacting victims with plausible scenarios about parcel verification or rescheduling. Officials note that while the fraud operates through decentralized criminal networks, the systematic nature suggests organized coordination.
The Ministry of Home Affairs has identified several primary victim demographics: elderly individuals less familiar with digital security, rural users with limited technical literacy, and busy professionals who multitask during calls. The national cybercrime helpline 1930 has recorded a 300% increase in USSD-related fraud complaints since the advisory's release, according to official statistics.
Legal and Financial Mechanisms
The technical mechanism is deceptively simple: victims are instructed to dial USSD codes beginning with *21*, followed by the fraudster's number—immediately activating unconditional call forwarding. As described in the official advisory, this diverts all incoming communications, including crucial authentication calls from banks and digital platforms.
Financial institutions report that scammers exploit this interception to approve transactions, reset passwords, and bypass two-factor authentication across platforms including WhatsApp, Telegram, and major banking apps. Because the activity occurs through legitimate telecom infrastructure rather than malicious software, it remains invisible to conventional security systems.
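The forwarding code described above can be recognised before it is dialled, or when it turns up in a message. The Python sketch below is an added example, not part of the advisory or the original report; it generalises from *21* to the other standard call-forwarding codes of the GSM/3GPP MMI scheme (3GPP TS 22.030), and the function names, sample message and phone number are constructed for illustration.

```python
import re

# Call-forwarding service codes in the GSM/3GPP MMI scheme (3GPP TS 22.030).
FORWARDING = {"21": "unconditional", "67": "when busy", "61": "on no reply",
              "62": "when unreachable", "002": "all forwarding",
              "004": "all conditional forwarding"}
# The leading symbols choose what is done to the service.
OPERATIONS = {"**": "register", "*": "activate", "*#": "interrogate",
              "#": "deactivate", "##": "erase"}
MMI_RE = re.compile(r"(\*\*|\*#|##|\*|#)(\d{2,3})((?:\*[+\d]*)*)#")
# Spaces or hyphens a caller or message may insert between dial characters.
SPACING_RE = re.compile(r"(?<=[\d*#+])[\s-]+(?=[\d*#+])")


def classify(code):
    """Describe a call-forwarding MMI code; return None for anything else."""
    m = MMI_RE.fullmatch(code)
    if not m or m.group(2) not in FORWARDING:
        return None
    op, service, params = m.groups()
    target = params.split("*")[1] if params else ""
    operation = OPERATIONS[op]
    return {"code": code, "operation": operation, "service": FORWARDING[service],
            "target": target or None,
            # Only these two operations cause incoming calls to be diverted.
            "risky": operation in ("register", "activate")}


def scan_text(text):
    """Find forwarding codes inside free text such as an SMS or chat message."""
    cleaned = SPACING_RE.sub("", text)
    hits = []
    for m in MMI_RE.finditer(cleaned):
        hit = classify(m.group(0))
        if hit:
            hits.append(hit)
    return hits


# Constructed sample message; the phone number is a placeholder.
SAMPLE_SMS = ("Your parcel is on hold. To reschedule delivery dial "
              "*21* 90000 00000 # and then check balance with *123#")

if __name__ == "__main__":
    for hit in scan_text(SAMPLE_SMS):
        print(hit)
```

Codes that only query or cancel forwarding (`*#21#`, `#21#`, `##21#`) are classified but not marked risky, which lets a user confirm and clear an unwanted diversion.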
Legal experts note that prosecuting such scams presents challenges under existing Information Technology Act provisions, as the manipulation occurs through authorized telecom features rather than unauthorized system access. This regulatory gap has prompted discussions within the Telecom Regulatory Authority about implementing enhanced verification protocols for USSD code execution.
International Implications and Policy Response
The scam highlights broader vulnerabilities in global telecommunications security, with similar techniques reported in cybercrime warnings from the United States and the European Union. Security researchers suggest the Indian case demonstrates how digital financial inclusion without proportional security education creates systemic risks.
In response, Indian authorities have announced plans for a public awareness campaign targeting USSD security, while Department of Telecommunications officials are reviewing potential safeguards requiring additional verification before activating call forwarding services. The G20 Global Partnership for Financial Inclusion has cited such incidents in calls for enhanced international cooperation on telecom-based fraud prevention.
Sources
This report draws on the National Cybercrime Threat Analytics Unit advisory, Indian Cyber Crime Coordination Centre (I4C) alerts, TRAI regulations, and Reserve Bank of India financial data published between 2023 and 2024.