مكالمة واحدة قد تسرق هاتفك.. احذر.. لا تُدخل هذا الرمز!

The story may begin with the ringing of a regular phone, and a calm voice claiming to be a delivery representative waiting for your confirmation. Just a few minutes, and perhaps a few innocent button presses, could open the door for hackers to take complete control of your phone without you realizing it. This scenario is no longer hypothetical; today, official entities and cybersecurity experts around the world are warning about it.

International Warnings About Exploiting USSD Codes

Cybercrime units in several countries around the world have issued warnings to users, alerting them to a new fraudulent method that relies on exploiting service data codes known as USSD, which can be used to redirect phone calls without the knowledge of their owners.

How Does This Type of Fraud Work?

According to cybersecurity experts, the fraud often begins with a phone call that seems normal, from someone claiming to be a delivery company representative or customer service employee, under the pretext of confirming a delivery appointment or rescheduling it.

During the call, the user is asked to enter a USSD code that is sent via a text message. These codes, which consist of numbers and symbols like the asterisk (*) and the hash (#), are typically used for legitimate services such as checking balances or activating certain features, but in this context, they are exploited to execute automatic commands.

Redirecting Calls Without the User's Knowledge

These codes often begin with numbers like 21, 61, or 67 followed by another phone number. Once entered, the call forwarding feature is activated immediately to a number controlled by the attacker, without any clear alert to the user.

As a result, fraudsters can intercept incoming calls from banks or verification services, including calls that contain one-time verification codes, giving them the opportunity to access the victim's bank or digital accounts.

Why Is This Fraud Extremely Dangerous?

The danger of this type of attack lies in the fact that USSD codes do not require an internet connection and are executed immediately upon entry, often leaving no clear trace in the phone's settings. Additionally, traditional security software may not detect this fraud, as it relies on legitimate functions within the telecommunications network itself.

Furthermore, social engineering techniques contribute to the success of these scams, as many users tend to trust callers who claim to represent delivery companies, especially with the increasing reliance on online shopping.

Important Tips to Avoid Falling into the Trap

Security experts advise against entering any USSD codes sent from unknown numbers or through unexpected messages. If someone asks you to enter a code under the pretext of verification, it is advisable to first verify the caller's number through the official company website or via an approved tracking app. It is also recommended to review the phone settings and immediately deactivate the call forwarding service if there is any suspicion of an unusual request.