KM CIPHER
📱 Real-Life Scam Alert 🔴 High Risk April 20, 2026

"Bhaiya, Bas Ek Call Karni Thi…" — The Stranger's Request That Could Have Drained His Bank Account 😨

A seemingly harmless favour at a railway station. A phone handed over for just "one quick call." And a scam so silent that most people would never even know they were robbed.

The Phone Scam That Steals Your OTPs — Call Forwarding Scam by Krishna Muduli, CISSP

😳 It Started Like Any Ordinary Evening

"He almost handed his phone to a complete stranger. If he had, everything — his bank account, his WhatsApp, his OTPs — could have been in someone else's hands."

My friend Arjun — a 28-year-old working in Hyderabad — was sitting at the railway station waiting for his train to Vizag. It had been a long day at the office. He had his earphones in, half-reading something on his phone.

That's when a man walked up to him. Neat clothes. Polite manner. Looked stressed.

"Bhaiya, please — phone ki battery dead ho gayi… mujhe ghar pe ek urgent call karni hai. Bas ek minute."

Arjun hesitated. Something felt a little off about the request, but the man seemed genuinely worried. He was about to hand over his phone…

Then the man added something that stopped Arjun cold.

"Haan, ye number dial karna — **21*98XXXXXXXX# — uske baad baat ho jaayegi."

Arjun stared at the number. Stars. Hash symbols. That's not a phone number. That's something else entirely.

He quietly said "sorry bhai, mera data bhi khatam hai" — and the man walked away, almost immediately, without another word.

Later that night, Arjun searched for what that code actually meant. What he found made his stomach drop.

HYDERABAD JUNCTION PLATFORM 4 21:38 · VIZAG EXPRESS · ON TIME · PF 4 · DEPARTURE IMMINENT "Bhaiya, please… phone ki battery dead ho gayi. Bas ek urgent call…" NOT A PHONE NUMBER **21*98XXXXXXXX# 📍 HYDERABAD RAILWAY JUNCTION · PLATFORM 4 · 21:38 HRS LIVE

📞 So What Was That Code? (Explained Simply)

That code the stranger wanted Arjun to dial — **21*98XXXXXXXX# — is what's called a call forwarding activation code.

In simple language: it's a secret instruction to your phone network. It tells your SIM — "from now on, whenever someone calls this number, silently send that call to another number too."

And that "other number"? It would have been the scammer's number.

📋 Call Forwarding Code Breakdown:

**21* = "Activate call forwarding for ALL incoming calls"

98XXXXXXXX = Scammer's phone number

# = Execute the command

Total time to activate: under 3 seconds. No password needed. No confirmation SMS. Just done.

These codes are called USSD codes (Unstructured Supplementary Service Data). They're legitimate tools built into every mobile network — originally designed for customer service features. But scammers have figured out how to abuse them.

Once activated, your incoming calls quietly get redirected to the scammer. You might not even notice. Your phone still rings normally. But so does theirs.

THREAT ANALYSIS USSD CODE EXPLOITATION — HOW YOUR CALLS GET HIJACKED DIALLER **21*98XX# 123 456 789 CALL YOUR PHONE (Arjun dials the code) ⚠ SCAM TRIGGERED CARRIER NETWORK Processes USSD command silently — zero confirmation NETWORK TOWER (Jio / Airtel / Vi / BSNL) 📞 INCOMING CALL XYZ BANK OTP LINE OTP RECEIVED 472851 BANK LOGIN SUCCESS ✓ SCAMMER'S DEVICE (Receives all YOUR calls) ALL CALLS REDIRECT HERE **21*98XXXX# REDIRECT ACTIVE ⚠ NO SMS. NO NOTIFICATION. NO CONFIRMATION. YOU WILL NEVER KNOW THIS HAPPENED.

🚨 Why This Is Actually a Big Deal

Okay, so your calls are being forwarded. So what? You might think — big deal, they can hear my conversations. But that's not the real danger. The real danger is what happens with your OTPs.

⚠️ Here's How the Actual Fraud Happens:

  1. Step 1. Scammer tricks you into dialling the call forwarding code on your phone.
  2. Step 2. Your calls now silently forward to their number too.
  3. Step 3. They go to your bank's website and click "forgot password" or "login with OTP."
  4. Step 4. The bank calls your number to read out the OTP (some banks still do this for certain transactions).
  5. Step 5. That call forwards to the scammer. They get your OTP. You get nothing.
  6. Step 6. Account accessed. Money transferred. Done — in under a minute.

And it doesn't stop at banking.

💸 What Can Scammers Actually Do With This?

Once your calls are being forwarded, here's what becomes vulnerable:

🏦

Bank Accounts & UPI

BHIM UPI, Google Pay, PhonePe — all of these use call-based OTP verification in some flows. If your incoming calls are forwarded, the scammer receives the OTP call before you do, or alongside you. Net Banking logins are even more at risk.

💚

WhatsApp Account Takeover

WhatsApp lets you register with a missed call verification method. If the scammer tries to register your number on their device and chooses "call me" — your forwarded call delivers the code straight to them. Your account gets transferred. All your chats, contacts, groups — gone to a stranger.

📧

Email & Social Media

Gmail, Instagram, Facebook — all allow "call me with OTP" as a backup login method. Once the scammer has control of your email, they can reset passwords to everything else attached to it.

📦

E-commerce & Loan Apps

Amazon, Flipkart, quick loan apps — they all verify via OTP. The scammer can now place COD orders, take loans in your name, or access your stored card details.

ATTACK CHAIN VISUALIZATION HOW YOUR OTP GETS STOLEN — STEP BY STEP STEP 1 Bank calls your number 1 STEP 2 Call routes via carrier 2 ⚡ INTERCEPT Call forwarded to scammer! ⚠ HIJACKED 472 STEP 4 Scammer gets OTP 4 STEP 5 Account DRAINED 5 T+0s T+2s T+4s ← YOU HERE T+6s T+60s YOUR CALLS + OTPS ARE INTERCEPTED IN REAL TIME — ALL IN UNDER 60 SECONDS

🧠 Why Good People Fall for This Trick

You might be thinking — "I would never fall for something so obvious." But here's the thing: in the moment, it doesn't feel obvious at all.

Think about it. A tired person at a crowded railway station. Someone looks genuinely stressed. They ask for a small favour — just one phone call. You've helped strangers before. It feels like the human thing to do.

The code part sounds like a long contact number. If you're not tech-savvy, stars and hash symbols just look like a weird international format. You wouldn't think twice.

Scammers know this. They specifically target:

  • Busy people who are distracted (platforms, bus stops, markets)
  • People who are naturally helpful and trusting
  • Older individuals who aren't familiar with USSD codes
  • People under time pressure (crowded place, about to board something)

The pressure, the sympathy, the rush — it all works in the scammer's favour. Your guard goes down exactly when it should go up.

🛡️ What To Do When a Stranger Asks for Your Phone

✅ The Right Way to Handle It:

1.

You make the call for them

If someone genuinely needs to call their family, offer to dial the number yourself and put it on speaker. You stay in control of the phone the whole time. This helps the real person and blocks the scammer.

2.

Look at the number before dialling anything

If it has symbols like *, #, or starts with ** or ## — it is NOT a regular phone number. Do not dial it. Ever.

3.

Never hand your unlocked phone to a stranger

Even if they seem genuine, your unlocked phone gives them access to apps, contacts, UPI apps, and the dialler. Keep it in your hands always.

4.

It's okay to say no

You don't owe anyone access to your phone. A polite "sorry, I can't" is perfectly fine. Real people in genuine emergencies will understand. Scammers will push back or disappear quickly — that tells you everything.

5.

Direct them to station authorities or a shop

Railway stations, bus stands, malls — all have help desks and security. If someone truly needs help, point them there. A genuine person will go; a scammer won't bother.

❌ What NOT to Do

  • Do NOT dial any number containing * or # symbols for a stranger
  • Do NOT hand your unlocked phone to someone you don't know
  • Do NOT let someone else type a number into your dialler
  • Do NOT assume that a well-dressed, polite person is safe
  • Do NOT feel guilty for saying no — your safety comes first
##002# CANCEL ALL FORWARDING *#21# CHECK STATUS #21# CANCEL UNANSWERED CHANGE ALL PINS 1930 CALL CYBER CRIME CALL YOUR BANK NOW BLOCK TXNS DIALLER ##002# FORWARDING DISABLED ✓ EXECUTE PROTECTION PROTOCOL CALL FORWARDING DISABLED — YOUR PHONE IS PROTECTED DIAL ##002# ON YOUR PHONE RIGHT NOW TO CANCEL ALL CALL FORWARDING

🆘 Bonus: What If You Already Dialled Such a Code by Mistake?

First — don't panic. The damage is reversible. But act fast.

📱 Step-by-Step: Disable Call Forwarding Right Now

01

Dial ##002# from your phone

This is the universal code to cancel ALL types of call forwarding on your number — unconditional, when busy, when not answered. Works on Jio, Airtel, Vi (Vodafone-Idea), and BSNL.

02

Check if it's still active: Dial *#21#

This will display whether any call forwarding is currently set on your number. If it shows a number you don't recognise — that's the scammer's number. Cancel immediately with ##002#.

03

Change all your important passwords immediately

Start with banking apps, UPI PINs, email account, and WhatsApp. Enable two-factor authentication everywhere, and switch it to app-based (like Google Authenticator) instead of SMS/call-based wherever possible.

04

Call your bank immediately

Tell them what happened and ask them to put an alert on your account for any unusual login attempts or OTP requests in the last few hours. Most banks will block and reissue without any charges.

05

Report to Cyber Crime: Call 1930

If any money has already been moved, call the national cyber crime helpline 1930 right away. Also file a complaint at cybercrime.gov.in. The faster you report, the higher the chance of recovery.

💬 Let's Be Honest for a Second

Most of us were raised to help people. That's not a flaw — that's a good thing. But scammers in 2026 are specifically targeting that goodness.

They're not hacking your phone. They're hacking your kindness.

The man who approached Arjun that evening wasn't carrying any special equipment. No laptop. No hacking tool. Just a phone number with a few extra symbols, and a convincing story about a dead battery.

That's it. That's the whole scam.

The best firewall against this scam is not software.
It's knowing the trick before it's used on you.

So share this with your family group. Your parents. Your colleagues who take the metro every day. The ones who are always happy to help a stranger.

Because the next "bhaiya, ek call karni thi" might come for someone you love.

rocket_launch 🔥 Headline Options for This Article

1. "Bhaiya, Ek Call Karni Thi" — The Stranger's Request That Could Have Emptied His Bank Account
2. Never Dial This Code on Your Phone — A Railway Station Scam That Most People Haven't Heard Of
3. This "Simple Favour" Could Cost You Your Bank Account — The Call Forwarding Scam Explained
4. Your Phone. Their Code. Your OTPs Stolen. — How Strangers Are Hijacking Calls Across India
5. He Almost Handed His Phone to a Scammer at the Railway Station — Here's What He Noticed in Time

share 📱 Share This — It Could Save Someone Today

"⚠️ New phone scam alert!
Stranger asks to use your phone at a crowded place.
They give you a number with * and # symbols to dial.
DON'T. It activates call forwarding → your OTPs go to them.
Read the full story 👇
krishnamuduli.co.in/call-forwarding-scam.html"

📢 Share With Your Family

Forward this to your family WhatsApp group right now. Your parents, your younger sibling, your friends who use public transport every day. One share can protect many people.

Read More Cyber Stories