Cybercrime departments in several countries around the world have warned of a new trick used by fraudsters that relies on exploiting “USSD” codes to divert phone calls without the knowledge of their owners, allowing them to control important calls.
Cybersecurity specialists explained that this trick usually starts with a phone call from someone claiming to be a delivery or customer service employee, asking the victim to enter a “USSD” code under the pretext of confirming a shipment delivery appointment or modifying some data.
“USSD” codes are short codes commonly used for network services, such as checking balance, but entering some of these codes, which often start with numbers like “21,” “61,” or “67” followed by a phone number, automatically activates the call forwarding feature to a number controlled by the fraudster.
Once forwarding is activated, attackers can receive calls from banks or verification codes, allowing them to access bank accounts or sensitive services without the user noticing any noticeable change in their phone settings.
The danger of this type of fraud lies in the fact that it does not require an internet connection, and it happens as soon as the code is entered. It is also difficult for traditional protection programs to detect it because it exploits legitimate functions in the telecommunications network.
Security experts advised users to avoid entering any “USSD” codes requested by unknown people or arriving via surprise messages, and to verify the identity of any party claiming to represent delivery companies or official services through official channels.
They also stressed the need to deactivate call forwarding immediately if any attempted fraud of this kind is suspected, and to check phone settings regularly.
