A young textile businessman from Mumbai has found himself at the heart of a ₹10 lakh phishing fraud – a con job so smoothly executed that it barely took a phone call. And that’s now being termed as USSD fraud
The businessman lives with his parents and brothers in a modest fourth-floor apartment. His family earns a living from a garment store in Mumbai. But on May 29, 2025, an ordinary day turned into a nightmare when a man, identifying himself as “Madhu Gupta” from the Credit Card Department of a credit card that he held, called the businessman.
Claiming there were unauthorised insurance charges linked to a card connected to the victim’s relative’s credit card, the caller said the victim needed to “deactivate” the insurance service to avoid paying needless fees. While the businessman smartly refused to share an OTP, the scammer quickly pivoted to a new trick: he asked him to dial a malicious USSD code disguised as a standard phone-based verification request. The scam was complete.
He received four debit transaction alerts on his phone totalling more than ₹10 Lakh. The victim logged into his mobile app and discovered that the entire sum had been siphoned off from a savings account held in his father’s name — an account that the victim was managing and had linked to his own phone number.
Here’s where the scam gets technical: the USSD code most likely diverted call forwarding or linked access between his number and the scammer’s, enabling them to intercept or initiate banking actions. Once inside the system, the fraudsters used IMPS to transfer the money to four accounts.
Realising the swindle, the victim immediately contacted the bank’s customer care helpline and reported the fraud. He followed it up by registering a complaint with the national cybercrime helpline (1930) and later, the Cyber Police Station at Worli, Mumbai, on June 11, 2025. The police have filed charges under Sections 66(C) and 66(D) of the Information Technology Act and Sections 318(4) and 319(2) of the Bharatiya Nyaya Sanhita, 2023.
The Vigilant Blog covers the crime beat and has a finger on the pulse of the latest crimes and scams. Follow us on Facebook and Twitter to get more news like this.
This case highlights a dangerous trend in cyber fraud—the fusion of psychology and tech tools to manipulate victims into compromising their own security. The fraudster never needed an OTP. All it took was an innocent-looking phone number string and an authoritative tone. As phishing scams become more sophisticated, experts are urging users to never dial unknown USSD codes, no matter who asks. If in doubt, always call the bank directly or use verified apps.
Discover more from The Vigilant Blog
Subscribe to get the latest posts sent to your email.