Last Updated:January 13, 2026, 13:09 IST

Call forwarding scams begin with a call or message that appears harmless. Victims are told their SIM needs ‘verification’, their number will be ‘blocked’, or KYC is ‘incomplete’

The success of this scam lies in how familiar and low-risk the action feels. Dialling a code does not trigger the same alarm bells as clicking a suspicious link. (Getty Images)

India’s cybercrime landscape is undergoing a dangerous shift. Fraudsters are no longer relying only on suspicious links, fake bank calls, or cloned UPI handles. Instead, they are turning ordinary phone features and familiar social platforms into weapons, often without victims realising anything is wrong until the damage is done.

In November, a 36-year-old man from Secunderabad lost Rs 2.47 lakh after receiving a deceptive text message purportedly from a DTDC courier. After the first couple of failed delivery attempts, the man clicked on the link for the third delivery attempt. But a barrage of messages popped up on his phone, asking for a One-Time Password (OTP). Within minutes, he received alerts from his bank that Rs 2.47 lakh had been spent on his credit card without authorisation. The victim locked his credit card through the banking app and lodged a formal complaint with the bank.

A recent advisory from the Indian Cyber Crime Coordination Centre (I4C) flags how fast these tactics are evolving. What makes these scams effective is not sophisticated hacking, but the repurposing of everyday actions, such as dialling a code, scanning a QR, responding to a WhatsApp message, into gateways for identity takeover and financial fraud.

How The Threat Has Changed From Phishing To Phone Control

For years, cybercrime awareness focused on obvious red flags: unknown links, spelling errors, or requests for OTPs. While those scams still exist, criminals have adapted to a more digitally aware population. Today’s fraud relies less on deception through fake websites and more on exploiting trust in built-in systems.

Telecom features, designed for convenience, have become a soft target. Social media platforms, built for connection and monetisation, are now recruitment grounds for crime networks. The result is a new category of fraud that feels legitimate at every step, until it is too late.

What Is The Call Forwarding Scam?

At the centre of this shift is the call forwarding scam, one of the most damaging and least understood frauds currently circulating. It usually begins with a phone call or message that appears harmless. Victims are told their SIM needs “verification,” their number will be “blocked,” or their KYC is “incomplete.” The solution offered is simple: dial a short code, often a USSD command (dialling *72 or *401#), to “fix” the issue.

“Most Indian users use smartphones; they are very rarely aware of the USSD features on telecom networks, which were primarily designed for mobile phones and now work on smartphones too. The scam abuses USSD call-forwarding codes — sequences like 21

USSD codes are not malicious by default. They are legitimate telecom commands used for services like balance checks, call forwarding or voicemail activation. But when a user dials a call-forwarding code provided by a scammer, all incoming calls, including those from banks, payment apps and government services, can be silently redirected to a criminal’s number.

Once call forwarding is active, the fraudster does not need to hack anything. OTPs, verification calls, and security alerts reach them directly. Accounts are reset, passwords changed, and financial transactions approved, all while the victim’s phone remains operational but effectively sidelined.

What makes this scam especially dangerous is its invisibility. Many users don’t realise call forwarding has been enabled. They only notice something is wrong after bank balances disappear or accounts are locked.

Why Call Forwarding Works So Well For Indian Users

The success of this scam lies in how familiar and low-risk the action feels. Dialling a code does not trigger the same alarm bells as clicking a suspicious link. There is no app download, no permission pop-up, and no visible sign of compromise.

Social engineering fills the gap. Fraudsters exploit authority—posing as telecom staff or service providers, and urgency, often threatening service disruption. In a country where SIM connectivity is essential for banking, work, and daily life, users are more likely to comply quickly.

Another factor is low awareness. While many people know not to share OTPs, far fewer understand what call forwarding is or how the USSD codes function. The technical simplicity masks the severity of the outcome.

What Are WhatsApp ‘Rental’ Scams?

If call forwarding hijacks communication, WhatsApp rental scams hijack identity. These schemes are often disguised as passive income opportunities. Users are approached on WhatsApp, Telegram, or even Instagram with offers to “rent” their WhatsApp account for a few hours or days in exchange for quick money.

To proceed, victims are asked to scan a QR code or link a device, which allows the fraudster to access the WhatsApp account remotely. From that moment, the account becomes a mule—used to send phishing messages, scam links, or impersonation requests to contacts and beyond.

Because the account belongs to a real person, messages appear trustworthy. Friends, family, and colleagues are more likely to respond, making scams more effective. Meanwhile, the original account holder may be logged out, locked out, or kept unaware until law enforcement or WhatsApp flags the activity.

“WhatsApp ‘rental’ scams typically start with job or income offers that ask users to let someone else operate their account. Victims are asked to scan QR codes or connect their WhatsApp through external links or apps, which quietly give full access to their account to third parties. The idea is to steal WhatsApp web token. From that point, the account is no longer under the user’s control, even though it still appears to be theirs. This problem will be resolved after the government’s new guidelines, which says WhatsApp and other apps will work only on the device which has a SIM,” explains Jain.

Reports of rental scams in Jammu and Kashmir surfaced in December, where the fraudsters lured users with offers of Rs 500 to Rs 1,000 per day to rent out their WhatsApp accounts. The J&K Police alerted individuals not to scan any QR Code under ‘WhatsApp Rent’ or ‘Auto Earning’.

What Are The Legal And Financial Fallout Of Being A ‘Mule’

What many victims don’t realise is that WhatsApp rental scams carry risks far beyond temporary account loss.

When a personal account is used to commit fraud, the registered owner can become entangled in investigations. Digital trails link scam activity back to the account holder’s phone number and identity. In some cases, users have faced questioning, account freezes, and prolonged legal stress despite being unaware participants.

Financial risks also extend beyond direct theft. Linked bank accounts, email IDs, and other services may be targeted once identity control is established. The damage can cascade across platforms, turning a single lapse into months of recovery.

Why Are These Scams Thriving Right Now

The rise of these tactics reflects a broader evolution in cybercrime. Criminal networks are moving away from brute-force attacks toward systems that combine psychology, platform design, and regulatory gaps.

India’s rapid digital adoption has created a massive base of smartphone users who rely on mobile numbers as primary identity markers. Telecom-linked authentication is widespread, but user education on telecom features has lagged.

At the same time, social platforms have normalised monetisation, from creators earning revenue to gig-style digital work. Scam offers blend seamlessly into this environment, making it harder to distinguish fraud from opportunity.

Cybercrime today is less about technical skill and more about exploiting everyday trust.

The Scale Of Risk Is More Than Just Money Lost

While financial loss is the most visible impact, the bigger risk lies in identity compromise. Once fraudsters gain control of calls or messaging accounts, they can reset credentials across multiple services. Email, social media, cloud storage, and even government portals may be targeted using intercepted verification steps.

For victims, recovery is rarely immediate. Bank disputes, SIM re-verification, account restoration, and police complaints can stretch over weeks or months. Emotional stress, reputational damage, and fear of further misuse often follow.

At a national level, these scams also feed organised crime ecosystems. Mule accounts and forwarded calls enable larger fraud operations, money laundering, and scaling attacks across states and borders.

In 2025, over 2.1 to 2.2 million complaints of cheating and fraud were reported on the National Cyber Crime Reporting Portal, which led to estimated financial losses from Rs 19,000 crore to over Rs 1.2 lakh crore.

How Users Can Actually Protect Themselves

The most effective defence begins with understanding triggers. Any unsolicited request involving USSD codes, call settings, or QR-based account linking should be treated as high risk. Telecom providers do not ask users to dial codes over the phone, and legitimate companies do not rent personal messaging accounts.

Users should periodically check their call settings to ensure call forwarding is disabled. In many cases, dialling ##002# can cancel all active call forwarding services—a simple but powerful safeguard.

“Never dial unknowns USSD codes. If anything looks fishy, call customer care to check if any call forwarding or SMS forwarding has been activated and cancel it. Never install any unknown apps, no matter who suggests. Never give any OTP , even if they are for non-banking purpose. Enable two-factor authentication on your email and WhatsApp. This will help you protect from theft of your WhatApp accounts,” stressed Jain.

Most importantly, users should resist urgency. Scams succeed by rushing decisions. Taking time to verify, by contacting official customer care channels independently, can stop fraud before it starts.

What This Shift Reveals About Modern Cybercrime In India

The rise of call forwarding and WhatsApp rental scams signals a turning point. Cybercrime is no longer confined to shady corners of the Internet; it now operates through features people use every day.

This makes awareness more important than ever. Not just warnings, but explanations of how systems work, why scams succeed, and where trust can be misplaced.

Technology will continue to evolve, but so will exploitation. As criminals adapt to platforms and behaviours, the line between convenience and vulnerability becomes thinner.

In this new landscape, digital safety is not just about avoiding suspicious links. It is about understanding how ordinary actions can be turned into extraordinary risks, and staying one step ahead before control slips away.

In November, a 36-year-old man from Secunderabad lost Rs 2.47 lakh after receiving a deceptive text message purportedly from a DTDC courier. After the first couple of failed delivery attempts, the man clicked on the link for the third delivery attempt. But a barrage of messages popped up on his phone, asking for a One-Time Password (OTP). Within minutes, he received alerts from his bank that Rs 2.47 lakh had been spent on his credit card without authorisation. The victim locked his credit card through the banking app and lodged a formal complaint with the bank.

A recent advisory from the Indian Cyber Crime Coordination Centre (I4C) flags how fast these tactics are evolving. What makes these scams effective is not sophisticated hacking, but the repurposing of everyday actions, such as dialling a code, scanning a QR, responding to a WhatsApp message, into gateways for identity takeover and financial fraud.

How The Threat Has Changed From Phishing To Phone Control

For years, cybercrime awareness focused on obvious red flags: unknown links, spelling errors, or requests for OTPs. While those scams still exist, criminals have adapted to a more digitally aware population. Today’s fraud relies less on deception through fake websites and more on exploiting trust in built-in systems.

Telecom features, designed for convenience, have become a soft target. Social media platforms, built for connection and monetisation, are now recruitment grounds for crime networks. The result is a new category of fraud that feels legitimate at every step, until it is too late.

What Is The Call Forwarding Scam?

At the centre of this shift is the call forwarding scam, one of the most damaging and least understood frauds currently circulating. It usually begins with a phone call or message that appears harmless. Victims are told their SIM needs “verification,” their number will be “blocked,” or their KYC is “incomplete.” The solution offered is simple: dial a short code, often a USSD command (dialling *72 or *401#), to “fix” the issue.

“Most Indian users use smartphones; they are very rarely aware of the USSD features on telecom networks, which were primarily designed for mobile phones and now work on smartphones too. The scam abuses USSD call-forwarding codes — sequences like 21# that legitimately redirect your incoming calls to another number. So, when a victim is tricked to dial a USSD code sequence on the pretext of dialling a number, he is not aware of the outcome like call forwarding or diverting… And worse is, many people don’t even know how to switch it off,” said cyber security expert Jiten Jain, who is also a director at Voyager Infosec.

USSD codes are not malicious by default. They are legitimate telecom commands used for services like balance checks, call forwarding or voicemail activation. But when a user dials a call-forwarding code provided by a scammer, all incoming calls, including those from banks, payment apps and government services, can be silently redirected to a criminal’s number.

Once call forwarding is active, the fraudster does not need to hack anything. OTPs, verification calls, and security alerts reach them directly. Accounts are reset, passwords changed, and financial transactions approved, all while the victim’s phone remains operational but effectively sidelined.

What makes this scam especially dangerous is its invisibility. Many users don’t realise call forwarding has been enabled. They only notice something is wrong after bank balances disappear or accounts are locked.

Why Call Forwarding Works So Well For Indian Users

The success of this scam lies in how familiar and low-risk the action feels. Dialling a code does not trigger the same alarm bells as clicking a suspicious link. There is no app download, no permission pop-up, and no visible sign of compromise.

Social engineering fills the gap. Fraudsters exploit authority—posing as telecom staff or service providers, and urgency, often threatening service disruption. In a country where SIM connectivity is essential for banking, work, and daily life, users are more likely to comply quickly.

Another factor is low awareness. While many people know not to share OTPs, far fewer understand what call forwarding is or how the USSD codes function. The technical simplicity masks the severity of the outcome.

What Are WhatsApp ‘Rental’ Scams?

If call forwarding hijacks communication, WhatsApp rental scams hijack identity. These schemes are often disguised as passive income opportunities. Users are approached on WhatsApp, Telegram, or even Instagram with offers to “rent” their WhatsApp account for a few hours or days in exchange for quick money.

To proceed, victims are asked to scan a QR code or link a device, which allows the fraudster to access the WhatsApp account remotely. From that moment, the account becomes a mule—used to send phishing messages, scam links, or impersonation requests to contacts and beyond.

Because the account belongs to a real person, messages appear trustworthy. Friends, family, and colleagues are more likely to respond, making scams more effective. Meanwhile, the original account holder may be logged out, locked out, or kept unaware until law enforcement or WhatsApp flags the activity.

“WhatsApp ‘rental’ scams typically start with job or income offers that ask users to let someone else operate their account. Victims are asked to scan QR codes or connect their WhatsApp through external links or apps, which quietly give full access to their account to third parties. The idea is to steal WhatsApp web token. From that point, the account is no longer under the user’s control, even though it still appears to be theirs. This problem will be resolved after the government’s new guidelines, which says WhatsApp and other apps will work only on the device which has a SIM,” explains Jain.

Reports of rental scams in Jammu and Kashmir surfaced in December, where the fraudsters lured users with offers of Rs 500 to Rs 1,000 per day to rent out their WhatsApp accounts. The J&K Police alerted individuals not to scan any QR Code under ‘WhatsApp Rent’ or ‘Auto Earning’.

What Are The Legal And Financial Fallout Of Being A ‘Mule’

What many victims don’t realise is that WhatsApp rental scams carry risks far beyond temporary account loss.

When a personal account is used to commit fraud, the registered owner can become entangled in investigations. Digital trails link scam activity back to the account holder’s phone number and identity. In some cases, users have faced questioning, account freezes, and prolonged legal stress despite being unaware participants.

Financial risks also extend beyond direct theft. Linked bank accounts, email IDs, and other services may be targeted once identity control is established. The damage can cascade across platforms, turning a single lapse into months of recovery.

Why Are These Scams Thriving Right Now

The rise of these tactics reflects a broader evolution in cybercrime. Criminal networks are moving away from brute-force attacks toward systems that combine psychology, platform design, and regulatory gaps.

India’s rapid digital adoption has created a massive base of smartphone users who rely on mobile numbers as primary identity markers. Telecom-linked authentication is widespread, but user education on telecom features has lagged.

At the same time, social platforms have normalised monetisation, from creators earning revenue to gig-style digital work. Scam offers blend seamlessly into this environment, making it harder to distinguish fraud from opportunity.

Cybercrime today is less about technical skill and more about exploiting everyday trust.

The Scale Of Risk Is More Than Just Money Lost

While financial loss is the most visible impact, the bigger risk lies in identity compromise. Once fraudsters gain control of calls or messaging accounts, they can reset credentials across multiple services. Email, social media, cloud storage, and even government portals may be targeted using intercepted verification steps.

For victims, recovery is rarely immediate. Bank disputes, SIM re-verification, account restoration, and police complaints can stretch over weeks or months. Emotional stress, reputational damage, and fear of further misuse often follow.

At a national level, these scams also feed organised crime ecosystems. Mule accounts and forwarded calls enable larger fraud operations, money laundering, and scaling attacks across states and borders.

In 2025, over 2.1 to 2.2 million complaints of cheating and fraud were reported on the National Cyber Crime Reporting Portal, which led to estimated financial losses from Rs 19,000 crore to over Rs 1.2 lakh crore.

How Users Can Actually Protect Themselves

The most effective defence begins with understanding triggers. Any unsolicited request involving USSD codes, call settings, or QR-based account linking should be treated as high risk. Telecom providers do not ask users to dial codes over the phone, and legitimate companies do not rent personal messaging accounts.

Users should periodically check their call settings to ensure call forwarding is disabled. In many cases, dialling ##002# can cancel all active call forwarding services—a simple but powerful safeguard.

“Never dial unknowns USSD codes. If anything looks fishy, call customer care to check if any call forwarding or SMS forwarding has been activated and cancel it. Never install any unknown apps, no matter who suggests. Never give any OTP , even if they are for non-banking purpose. Enable two-factor authentication on your email and WhatsApp. This will help you protect from theft of your WhatApp accounts,” stressed Jain.

Most importantly, users should resist urgency. Scams succeed by rushing decisions. Taking time to verify, by contacting official customer care channels independently, can stop fraud before it starts.

What This Shift Reveals About Modern Cybercrime In India

The rise of call forwarding and WhatsApp rental scams signals a turning point. Cybercrime is no longer confined to shady corners of the Internet; it now operates through features people use every day.

This makes awareness more important than ever. Not just warnings, but explanations of how systems work, why scams succeed, and where trust can be misplaced.

Technology will continue to evolve, but so will exploitation. As criminals adapt to platforms and behaviours, the line between convenience and vulnerability becomes thinner.

In this new landscape, digital safety is not just about avoiding suspicious links. It is about understanding how ordinary actions can be turned into extraordinary risks, and staying one step ahead before control slips away.

Stay Ahead, Read Faster

Scan the QR code to download the News18 app and enjoy a seamless news experience anytime, anywhere.

login