Summary: The Indian Cybercrime Coordination Centre (I4C) has issued a high-priority alert regarding scammers posing as delivery agents. They trick users into dialing USSD codes like *401*# followed by an attacker’s number. This silently enables unconditional call forwarding, allowing hackers to intercept voice-call OTPs and reset banking credentials.
Business Impact: High risk for corporate finance teams. If an employee is targeted, the attacker can bypass Multi-Factor Authentication (MFA) to authorize fraudulent wire transfers. It renders voice-based 2FA completely ineffective.
Why It Happened: Fraudsters exploit the trust in delivery services and the lack of visible confirmation for USSD network commands. Since call forwarding happens at the telecom network level, the phone appears normal to the victim.
Recommended Executive Action: Issue an immediate internal advisory: “Never dial codes provided by unknown callers.” Move your organization away from SMS and voice-based OTPs, favoring hardware keys (FIDO2) or authenticator apps.
Hashtags: #USSDScam #BankingFraud #SocialEngineering #MFA #I4C #CyberAwareness