Protect yourself from the *72 call forwarding scam

When you’re juggling 100+ passwords, a one-time password feels like a breath of fresh air. It’s so easy—you have a code sent to your phone, enter it, and you’re in!

Scammers love one-time passwords, too. In a growing scam, they try to trick you into forwarding your calls to a phone number they control—including calls that deliver one-time passwords or verify your identity. If they succeed, they can intercept these codes and sign into your accounts.

Behind the scenes of *72 call forwarding scams

To activate call forwarding, dial *72 and the phone number where you want your calls sent. So, if you want your work calls to go to your cell phone, you’d dial *72 and your cell phone number. Note: Your phone service might use something other than *72, like *21 or *90.

Call forwarding works only with phone calls, not texts, so scammers target companies that send verification codes by automated call or offer a “Call me” option instead of a text.

Here’s an example of how this scam works:

• The scammer contacts you and claims to be a representative of a company. There’s an urgent issue with your order or your account.

• Then, they ask you to type a number into your phone to be transferred to a manager, technical support, or the fraud department.

• The number? *72 followed by a 10-digit number. In other words, they’re trying to trick you into forwarding your calls to them.

• If they’re successful, the scammer uses a one-time password—that should go to your phone but is forwarded to theirs—to sign into your account and take whatever they can.

Note: Flagstar will never ask you to dial *72 or set up call forwarding of any kind.

How to protect yourself from call forwarding fraud

• Don’t rely on your mobile phone settings. They may not reflect every type of call forwarding.

• Be skeptical of unsolicited callers. Don't assume they are who they claim to be.

• Never dial codes on command, especially if they start with a * or #.

• Contact the business directly to see if there really is an issue. Do not dial the number of the person who called you. Find an official phone number from the company’s website, a receipt, or an account statement.

• Monitor your accounts regularly. Look for unusual charges or suspicious activity.

• Set up account alerts.
  Get notified immediately if someone tries to log in or change your password or other information.

What to do if you’re a victim of a call forwarding scam

• Deactivate call forwarding immediately. Call your phone service to learn how.

• Call your local Flagstar branch or Customer Service. Report any suspicious account activity, stolen credit or debit card numbers, and unexpected or unusual messages that appear to be from Flagstar.

• Change your passwords. Start with your email and online bank accounts, then move to shopping, utilities, social media, and apps.

• Look for new password requests that you didn’t make. Check Sent and Trash folders in your email and Recent Activity or Security in your social media settings.

• Monitor your mobile phone logs.Look for calls you don’t recognize or didn’t appear on your phone.

• Contact your phone service. Tell them your account has been compromised and ask for extra security, such as a port-out PIN or SIM lock.