OTPs Hijacked Without A Click: Is Your Phone Compromised Too?

Key Points
A simple phone call. A dialed code. No links. No malware. Yet within seconds, your calls are rerouted, your OTPs hijacked—and your digital identity stolen.
This silent scam doesn’t need clicks, just your trust. Discover how your own phone could be the weapon… and how to stop it before it’s too late.
Bhubaneswar: A troubling scam has emerged in India where cybercriminals exploit mobile call forwarding settings to steal sensitive information without any need for links or malware. Victims receive calls from fraudsters posing as delivery or service agents, who instruct them to dial codes like *21* #. This activates unconditional call forwarding, rerouting all incoming calls—including one-time passwords (OTPs)—to the scammer.
Armed with access to these calls, the fraudster can impersonate users and gain control over banking or shopping accounts, often causing financial damage before the victim even realizes what's happened.
Unlike traditional phishing scams, this method leaves no obvious trace. Many users remain unaware that their calls are being diverted. It was only through the intervention of artificial intelligence tools—which analyzed call logs and flagged unusual activity—that the scam came to light.
Experts advise taking proactive steps to avoid becoming a target. First, never dial unknown codes provided by unsolicited callers. Second, consider switching from SMS-based OTPs to app-based authentication, which is more secure. To check for unauthorized call forwarding, dial ##002#. his disables all forwarding settings instantly.
Anyone experiencing suspicious activity should report it immediately by calling helpline 1930 or visiting cybercrime.gov.in. As scams grow more sophisticated, staying informed is the best line of defense. With nothing more than a simple dial code, phones can be turned against their owners. So awareness and caution are vital.