Call-Forwarding Hijack
A scam where attackers enable unconditional call forwarding on a victim's line — often by tricking carrier staff — to intercept incoming calls including one-time authentication codes.
Also known as: call forwarding fraud, unconditional forward hijack, OTP call intercept
Last reviewed: 10 June 2026
Telephone networks support unconditional call forwarding via short codes (such as *21* in many markets), which can sometimes be activated by a caller who persuades a carrier's customer service representative that they are the account holder. Once forwarding is activated, every call to the victim's number — including OTP verification calls from a bank — is silently redirected to a number the attacker controls. The victim's own phone never rings and they see no sign of the redirect.
The attack is often combined with credential theft: an attacker who has a victim's username and password but needs to pass phone-based verification activates forwarding before triggering the authentication call. The bank calls the victim's number, the call is forwarded to the attacker's line, and the attacker passes the verification. In some cases the scam is perpetrated entirely via self-service portals on carrier apps using stolen account credentials rather than social engineering.
Consumers can check for active call-forwarding settings in their carrier's account portal or by dialling the appropriate status code (in the UK, ##002# cancels all conditional forwarding). Setting a strong PIN on your carrier account and enabling two-step verification for carrier account changes reduces the risk of this attack.