Missed Call OTP Forwarding Scam — How to Identify & Stay Safe

INDIA — By BharatSecure Threat Intelligence Team · Updated May 28, 2026

Severity: MEDIUM | View Full Scam Details

Missed Call OTP Forwarding Scam in India 2026: Protect Your UPI and Aadhaar Now

Millions of Indians rely on mobile phones for banking, UPI payments, and official verifications — but the Missed Call OTP Forwarding Scam is putting your money and identity at serious risk in 2026.

What Is the Missed Call OTP Forwarding Scam?

The Missed Call OTP Forwarding Scam is a sophisticated phishing tactic targeting mobile phone users in India. Scammers call unsuspecting victims, often pretending to be from courier services or banks, to trick them into forwarding one-time passwords (OTPs) by changing phone settings remotely. This type of fraud exploits India’s growing dependence on mobile phones for secure financial transactions and essential services like Aadhaar authentication and WhatsApp communications.

This scam mainly affects users who receive frequent calls about parcel deliveries, banking alerts, or urgent account issues. Victims can be from any walk of life — from tech-savvy urban customers to first-time smartphone users in smaller towns. Reports of the scam have increased across states, especially with the rise of UPI-based payments in everyday life. Though there is no dedicated public advisory specifically naming this scam, cybersecurity agencies like CERT-In and the Indian Cyber Crime Coordination Centre (I4C) have issued warnings about phishing and call forwarding frauds, urging vigilance.

How This Scam Works — Step by Step

1. Initial Contact: The victim receives a missed call or an unsolicited call from someone claiming to be a representative of a courier company or bank. The caller creates urgency by saying there is a problem with a parcel or an important banking transaction requiring immediate attention.

2. The Hook: The caller then instructs the victim to dial specific USSD codes such as 21, 401, 61, or 67 on their phone. These codes control call forwarding and other network settings but are not commonly understood by typical users.

3. Activation of Call Forwarding: Once the victim dials these codes, their incoming calls, including SMS OTPs, start getting forwarded to the scammer’s number without their knowledge.

4. Stealing the OTP: Scammers then perform transactions or account changes that trigger OTPs to be sent—these OTPs now go to the scammer instead of the victim’s phone.

5. Execution of Fraud: Using the stolen OTPs, scammers can make unauthorized UPI payments, transfer money, reset WhatsApp accounts, or misuse Aadhaar-linked services instantly.

6. Realization and Loss: Victims usually notice the fraud only after seeing unexpected debits from their bank accounts or losing control of their messaging apps and personal data.

Real Warning Signs to Watch For

• Calls warning about undelivered parcels or urgent bank transaction issues from unverified numbers
• Push to dial uncommon USSD codes or alter phone call settings immediately
• Requests to share OTPs or dial codes without clear explanation
• Incoming calls that end just after a "missed call" or too quickly for a proper conversation
• Unfamiliar numbers receiving your OTP SMS as noticed in message details (if possible)
• Delay or failure in receiving expected SMS OTPs for banking or UPI transactions
• Unexpected resets or log-outs from WhatsApp or other apps linked to your mobile number

What Happens to Victims

Victims of this scam often lose money directly from their bank accounts via UPI transactions triggered by stolen OTPs. Since UPI payments are instant and nearly irreversible without bank intervention, financial recovery is difficult and slow. Some victims report multiple fraudulent transactions before the issue is noticed.

Beyond financial loss, victims face emotional stress dealing with identity misuse when Aadhaar-linked services are compromised. Personal data theft can lead to further scams or harassment. If the victim’s WhatsApp is accessed by fraudsters, it can be used for spreading spam or further scamming their contacts. SIM swap confusion caused by call forwarding also disrupts regular communication, adding to frustration.

What RBI and CERT-In Say

The Reserve Bank of India (RBI) cautions users to never share OTPs with anyone and be wary of unsolicited calls requesting personal or banking details. RBI’s guidelines emphasize secure use of UPI by avoiding sharing PINs or OTPs and reporting suspicious activity immediately.

CERT-In alerts in recent years have repeatedly warned against phishing and phone-based fraud techniques, including manipulation of mobile call forwarding settings. The Indian Cyber Crime Coordination Centre (I4C) encourages users to report such scams to the 1930 cybercrime helpline and use official complaint portals like cybercrime.gov.in for speedy action.

How to Protect Yourself

1. Never dial USSD codes received over unsolicited calls or SMS. Always verify with your operator or bank before making any changes.
2. Do not share OTPs or UPI PINs with anyone — not even if they claim to be from a bank or courier service.
3. Enable app-based transaction alerts from your bank in addition to SMS alerts for redundant security.
4. Regularly check mobile call forwarding settings by dialing *#21# or contacting your mobile service provider.
5. Register for mobile number-based blocking services using DND (Do Not Disturb) to reduce spam calls.
6. Set up two-factor authentication using apps like Google Authenticator or device biometrics wherever possible.
7. Immediately report suspicious transactions or calls to your bank and block your UPI app if unauthorized activity is noticed.

What to Do If You've Been Targeted

• Contact your bank immediately to freeze affected accounts and attempt to reverse unauthorized UPI transactions.
• File a complaint with the 1930 cybercrime helpline for assistance and help with investigations.
• Report the fraud on cybercrime.gov.in with full details, including numbers and transaction details, to alert authorities.
• Change your SIM card or mobile number if necessary, and request your operator to check and disable call forwarding settings.
• Monitor your Aadhaar and credit accounts regularly for any unauthorized activity or changes.
• Inform your contacts if your WhatsApp or social media profiles have been compromised to prevent further spread of the scam.

Frequently Asked Questions

Q1: Can dialing USSD codes really forward my OTPs to scammers?
Yes, some USSD codes control call forwarding and can divert your OTP messages and calls to scammers, enabling them to intercept sensitive verification codes.

Q2: What should I do if I accidentally dialed a forwarding code?
Immediately check your phone’s call forwarding status by dialing *#21# or contacting your mobile provider, and disable any unexpected forwarding. Also, alert your bank to monitor or block transactions until secure.

Q3: Is this scam only about UPI payments?
No, besides UPI fraud, forwarded OTPs can compromise WhatsApp accounts, Aadhaar-linked services, and any other apps or platforms that use OTP verification tied to your mobile number.

Protect yourself by verifying suspicious calls and messages on BharatSecure.app. If you encounter such fraudulent attempts, report immediately at the 1930 cybercrime helpline.

Disclaimer: This article describes a pattern of fraud reported in public sources for public-safety awareness. It is not legal, financial, or medical advice. To request correction or removal of any content, write to hello@bharatsecure.app.