Dialling this code could give scammers access to your bank account: Here’s what not to do

India’s national cybercrime monitoring agency has issued a new warning to the public over a phone-based scam that is leading to bank fraud and account takeovers. The National Cybercrime Threat Analytics Unit released the advisory under the Indian Cyber Crime Coordination Centre framework after tracking cases where fraudsters used USSD call forwarding codes to divert banking and verification calls.

Authorities said the scam does not rely on internet access or malicious software. Instead, it exploits standard telecom functions and user trust. Cybercrime officials noted that many victims remain unaware of how USSD codes work, which makes the fraud easy to execute and hard to notice in time.

Also read: Realme’s massive 10,000 mAh battery phone surfaces in leak again: Details

How the Scam Targets Phone Users

According to the advisory, criminals contact people while posing as a courier or delivery staff. They claim a package requires confirmation or rescheduling. During the call or through a message, the caller asks the person to dial a USSD code, often starting with 21, followed by a phone number provided by the scammer.

When the user dials the code, call forwarding activates on the phone without further confirmation. After this step, all incoming calls meant for the user get redirected to the fraudster’s number. This includes calls from banks, automated verification systems, and messaging platforms that rely on voice calls for account access.

Also read: Oppo Find X8 Pro get a huge price cut on Amazon: Check price, sale and bank offers

How Fraudsters Gain Account Access

Once the calls redirect, scammers can receive one-time passwords and approval calls. This enables them to authorise transactions, change login details, and gain control of bank accounts or messaging profiles. In many cases, the victim continues using the phone normally and remains unaware of the diversion.

The cybercrime unit explained that the scam works quickly because USSD commands execute immediately and operate without internet connectivity. Phones may not display clear notifications when call forwarding activates. Users often discover the issue only after funds move out of their accounts or access to apps becomes unavailable.

Also read: Samsung Galaxy S26 series could come with higher price tags: Report

Officials also pointed out that security tools designed to block harmful links or software may not stop this method. Since the scam uses telecom features that function as intended, automated protection systems may not flag the activity.

To reduce risk, authorities advised people not to dial USSD codes starting with 21, 61, 67, or related sequences when shared by unknown callers. If call forwarding gets enabled, users should dial ##002# to cancel all forwarding settings at once.

The advisory also warned against clicking delivery-related links sent through messages or emails. Users should verify shipment details only through official courier websites or customer care numbers. Anyone who experiences financial loss or account misuse should report the incident immediately by calling 1930 or using the national cybercrime reporting portal.