The *21 scam is a type of phone fraud where a scammer tricks you into entering a code that forwards all of your incoming calls and text messages to their device. This allows them to intercept one-time passwords (OTPs) and other sensitive information to gain access to your financial and online accounts.
How the scam works
- The scammer contacts you, often by impersonating a legitimate entity like your bank, phone provider, or a company you've ordered from.
- They create a sense of urgency by claiming a problem with your account, a fake missed package, or fraudulent activity.
- The scammer provides instructions for a supposed "fix." They tell you to dial a code like **21* followed by a 10-digit number.
- The code forwards your calls. The *21* prefix is an Unstructured Supplementary Service Data (USSD) code used to activate unconditional call forwarding on some mobile networks. By dialing the code, you unknowingly send all your calls and SMS messages to the scammer's phone.
- The scammer hijacks your accounts. They then use their access to your calls and texts to initiate password resets on your accounts. They can intercept the OTPs or two-factor authentication codes sent to your phone, giving them control of your bank, social media, or other online accounts.
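A screening check for the forwarding codes described above, as an added example that is not part of the original page: it scans message text for call-forwarding codes and flags the ones that turn forwarding on toward a supplied number. It goes beyond the page's *21* case by also covering the other forwarding service codes defined in 3GPP TS 22.030; the function name, the sample messages and the 555-01xx numbers are constructed for illustration.

```python
import re

# Call-forwarding service codes in the GSM/3GPP MMI scheme (TS 22.030).
# The page discusses only 21; the rest are an added generalization.
FORWARDING_SERVICES = {
    "21": "unconditional", "61": "no reply", "62": "not reachable",
    "67": "busy", "002": "all forwarding", "004": "all conditional",
}
# The prefix in front of the service code selects the operation.
OPERATIONS = {"*": "activate", "**": "register", "#": "deactivate",
              "##": "erase", "*#": "interrogate"}

# prefix, service code, optional "*<destination>", optional closing "#"
MMI = re.compile(
    r"(?<![\d*#])(\*\*|\*#|##|\*|#)(002|004|21|61|62|67)(?!\d)"
    r"(?:\*(\+?\d{6,15}))?#?"
)

def find_forwarding_codes(text):
    """Return one dict per call-forwarding code found in text (hypothetical helper)."""
    findings = []
    for m in MMI.finditer(text):
        prefix, service, target = m.groups()
        operation = OPERATIONS[prefix]
        findings.append({
            "code": m.group(0),
            "operation": operation,
            "service": FORWARDING_SERVICES[service],
            "target": target,
            # Switching forwarding on toward a supplied number is the scam pattern.
            "risky": operation in ("activate", "register") and target is not None,
        })
    return findings

# Constructed sample messages; the numbers are fictional.
SAMPLES = [
    "Your parcel is on hold. To confirm delivery dial *21*5550100123# now.",
    "Carrier support: enter **67*5550100199# to fix your line.",
    "To turn forwarding off, dial ##21#.",
    "Your code is 482193. Do not share it.",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        for f in find_forwarding_codes(msg):
            level = "ALERT" if f["risky"] else "info"
            print(level, f["code"], f["operation"], f["service"], f["target"])
```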
How to protect yourself
- Never follow instructions from unsolicited callers. Do not dial any codes provided by someone who calls you unexpectedly. No legitimate bank or company will ask you to do this.
- Be wary of urgency. Scammers create a sense of urgency to bypass your normal caution. Take a moment to think and verify any information with the organization directly using a trusted contact method.
- Verify the caller's identity. If you are concerned about your account, hang up and call the company back using the official phone number listed on their website or your statement.
- Block unknown callers. Use your phone's settings to automatically silence calls from numbers you don't know.
What to do if you are a victim
If you have already dialed the code, take the following steps immediately:
- Disable call forwarding. On many networks, you can dial ##21# to deactivate unconditional call forwarding.
- Change all your passwords. Assume the scammer has access to your accounts and change all your passwords immediately.
- Enable two-factor authentication. If you don't already have it, enable 2FA on all your accounts. Use an authenticator app for the highest security.
- Contact your bank. Notify your bank and other financial institutions to report the fraud and freeze or monitor your accounts.
- Report the scam. Report the incident to official channels like the Federal Trade Commission (FTC) at ReportFraud.ftc.gov.