Khaberni - The story may begin with a normal phone ring, and a calm voice claiming to be a delivery agent waiting for your confirmation. Just a few moments, and possibly an innocent button press, are enough to open the door for hackers to take full control of your phone without you noticing. This scenario is no longer hypothetical, but is being warned against today by official bodies and cybersecurity experts around the world.
International warnings about exploiting USSD codes
Cybercrime units in various countries around the world have issued warnings to users, alerting them to a new fraudulent method that relies on exploiting service data codes known as
USSD
, which can be used to divert phone calls without the owners' knowledge.
How does this type of fraud work?
According to cybersecurity experts, the fraud often starts with a phone call that seems normal, from a person claiming to be a delivery company agent or a customer service employee, under the pretext of confirming a delivery appointment or rescheduling it.
During the call, the user is asked to enter a
USSD
code sent via a text message. These codes, which consist of numbers and symbols like the star (*) and hash (#), are typically used for legitimate services like checking the balance or activating certain features, but in this context, they are exploited to execute automatic commands.
Diverting calls without the user's knowledge
These codes often start with numbers like 21 or 61 or 67 followed by another telephone number. Once entered, the call forwarding feature is immediately activated to a number controlled by the attacker, with no clear alert appearing to the user.
As a result, fraudsters can intercept calls coming from banks or verification services, including calls containing one-time verification codes, giving them access to the victim's bank or digital accounts.
Why is this fraud considered extremely dangerous?
The danger of this type of attack lies in the fact that USSD codes
do not require an internet connection, and are executed immediately upon entry, often without leaving a clear trace in phone settings. Moreover, traditional security programs may not detect this fraud, as it relies on legitimate functions within the telecommunications network itself.
In addition, social engineering techniques contribute to the success of these tricks, where many users tend to trust callers who claim to represent delivery companies, especially with the increase in reliance on e-commerce.
Important tips to avoid falling into the trap
Security experts advise not to enter any USSD codes
sent from unknown numbers or through unexpected messages. If someone asks you to enter a code under the pretext of verification, it is preferable to first verify the caller's number via the official website of the company or through an approved tracking application. It is also recommended to review phone settings and deactivate the call forwarding service immediately if any unusual request is suspicious.
