In our modern digital era, scammers exploit advanced communication tech for malicious ends. Call forwarding scams, increasingly prevalent, jeopardize financial and personal security, spanning banking to WhatsApp. This post delves into these scams, their mechanics, and crucially, how to safeguard against them.
Understanding Call Forwarding and Its Uses
Call forwarding is a legitimate phone service that allows you to redirect incoming calls to another phone number. It can be helpful in various situations, such as when you’re unavailable to answer. You can forward calls to voicemail, a colleague’s phone, or your mobile phone when you’re in a meeting or on vacation.
There are two types of forwarding:
Unconditional forwarding: This type forwards all calls, regardless of your availability. It’s useful when you have a temporary work number or are traveling internationally.
Conditional forwarding: This allows you to set specific conditions for call forwarding, such as forwarding calls when your phone is busy, unanswered, or out of range.
However, scammers can exploit the functionality of call forwarding for malicious purposes.
The Impact of Call Forwarding Scams
With call forwarding enabled, scammers can intercept your calls and steal crucial information like One-Time Passwords (OTPs) sent for account verification. These stolen OTPs allow them to access your messaging apps, bank accounts, and other sensitive data.
Falling victim to this scam can have severe consequences, including:
Financial Loss: Scammers can exploit call forwarding to make unauthorized international calls, racking up hefty phone bills on your account. They may also gain access to your bank accounts and steal your money.
Compromised Information: Your personal data, including phone records and messages, becomes vulnerable. This can lead to identity theft and damage your reputation.
Missed Communication: Important calls from friends, family, or work might be forwarded away, leaving you out of the loop and potentially jeopardizing your safety.
Whatsapp Hijacking: The attacker tricks you into calling a specific number that activates call forwarding on your phone. This diverts your calls to their number. Common methods include dialing numbers with MMI codes (e.g., codes starting with “*” or “#”).
While your phone is busy with the call forwarding setup, the attacker starts registering a WhatsApp account using your phone number.
To verify the registration, WhatsApp will attempt to call you with a One-Time Password (OTP). Since calls are forwarded, the attacker receives the OTP instead of you. With the OTP, the attacker completes the registration and gains access to your WhatsApp account.
How Call Forwarding Scams Work
Call forwarding scams involve tricking individuals into unwittingly forwarding their calls to a number controlled by scammers. Once the call forwarding is in place, scammers can intercept important calls and messages intended for the victim, enabling them to carry out various fraudulent activities.
Here are the common approaches scammers use:
1. Initiating Contact: The scammer initiates contact with the victim using various channels:
- Phone Calls, Texts, Emails, Social Media (SMS Phishing or “smishing”): This is the most common approach, where scammers pose as fake customer service representatives or use social engineering tactics to create a sense of urgency or trust.
- In-Person Contact: Scammers may also approach victims in public places like markets or bus stops, feigning an emergency situation. They might claim someone close is in the hospital, their phone was stolen, or they’ve lost contact with someone and urgently need to make a call.
2. Creating Urgency: Regardless of the approach, the scammer will try to make the victim feel rushed and worried.
They might say:
- Their account is in danger.
- Their phone has a problem.
- They need to verify their identity for a bogus “special offer.”
- A loved one is in trouble and they need to make an urgent call (for the in-person approach).
3. Gaining Access to Your Phone (In-Person Approach): When approaching you in public, the scammer might:
- Ask to borrow your phone to make a quick call due to their supposed emergency.
- Offer to “help” you make the call while subtly enabling call forwarding on your device.
4. Enabling Call Forwarding (All Approaches): Once urgency is established, the scammer will instruct the victim to dial a specific code, typically commencing with *401#, to initiate call forwarding activation. The scammer may offer deceptive instructions or false explanations to rationalize this action, deceiving the victim into unwittingly enabling the scam.
Learn more about vishing (voice phishing)
5. Rerouting Calls: After activating call forwarding (whether through remote instructions or physical access to the phone), the scammer reroutes all calls intended for the victim’s phone to their number. This includes calls from critical institutions such as banks and credit card companies. The victim’s communication is effectively intercepted, putting sensitive information at risk of unauthorized access and potential misuse by the scammer.
6. Intercepting Information: Having successfully rerouted calls, the scammer intercepts sensitive information by posing as the victim. This deceptive tactic allows them to acquire confidential details such as account numbers, PINs, and security codes during interactions with callers. The victim’s vulnerability is exploited as the scammer gains unauthorized access to valuable information.
Identifying Call Forwarding Scams
While becoming increasingly sophisticated, there are still signs to watch out for:
Service Disruptions: Experiencing unusual call behavior like calls going straight to voicemail or delayed connections.
Unexplained Charges: A sudden spike in your phone bill, especially with international or premium-rate calls you didn’t make.
Unfamiliar Numbers: Numbers you don’t recognize appearing on your call log.
Missed Calls: People reporting they couldn’t reach you despite their calls showing as connected on their end.
USSD Code: Code *#21#, when dialed upon, initiates the USSD (Unstructured Supplementary Service Data) code that reveals all the information (Enabled or Disabled) about your device’s call forwarding settings.
How to Protect Yourself from Call Forwarding Scams
Be Wary of Unsolicited Requests: Never share personal or financial information over the phone, even if the caller seems legitimate, as legitimate institutions won’t ask for such details through phone calls.
Verify Contact: If contacted about a potential account issue, hang up! Contact the organization directly using their official contact information found on their website or a trusted source.
Never Dial Unknown Codes: Scammers may instruct you to dial specific codes to “fix” a problem. Never dial codes provided by unknown callers.
Review Call Forwarding Settings Regularly: Familiarize yourself with how to deactivate call forwarding on your phone. Check your settings periodically to ensure it’s not enabled without your knowledge.
Deactivating Call Forwarding (Instructions may vary slightly by device/Carrier)
General: Most phones allow you to deactivate call forwarding by dialing a code ##004# (e.g., *#21# for some carriers). Consult your phone’s manual or carrier’s website for specific instructions.
Android: Open the Phone app > Settings (three dots) > Call Settings > Call Forwarding and disable the desired forwarding options.
iPhone: Go to Settings > Phone > Call Forwarding and toggle it off.