PanicStation.org
UK USA
uk Technology & digital loss call forwarding alert • call divert turned on • carrier warning message • calls diverted to another number • call divert scam • phone number takeover • sim swap suspected • port out fraud • network divert fraud • voicemail accessed • two factor codes intercepted • phone account compromised • unexpected account change • mobile provider fraud team • call forwarding not me • call divert enabled without permission • suspicious carrier notification • mobile security incident • social engineering scam

What to do if…
you get a carrier alert that call forwarding was enabled and you did not set it

Short answer

Treat this as a possible account takeover. Use a trusted route (your network’s official app/website or the number on your bill) to contact your mobile provider now and have them remove all call forwarding/diverts and secure your account.

Do not do these things

  • Do not dial “fix codes” or follow instructions sent by a random text/call/voicemail, even if they claim to be your network or bank.
  • Do not call back a number from the alert text or from a missed call notification unless you already know it’s genuine.
  • Do not share one-time passcodes, PAC details, account PINs, or “security answers” with anyone contacting you first.
  • Do not assume turning it off in your phone settings is enough (some forwarding is set on the network side).

What to do now

  1. Contact your mobile network using a verified route.
    Use the number on your bill/contract, the network’s official website, or their official app. Ask for the fraud/security team if available.
  2. Ask them to confirm what changed, then clear it at network level.
    Ask: what forwarding/divert was enabled (all types) and when it was added, and have them remove/clear all call forwarding/diverts on the network (not just handset settings).
  3. Ask them to check for SIM swap / port-out activity.
    Ask whether there were any recent: SIM/eSIM activations, device changes, PAC requests, porting requests, added authorised users, address changes, or failed verification attempts.
  4. Lock down your mobile account (with the provider’s help).
    Reset/add an account PIN/passphrase and ask what account-change restrictions they can add (for example: requiring extra verification for SIM swaps/ports, adding notes that changes must pass enhanced checks, or enabling any port/number-transfer protection they offer).
  5. Secure voicemail (it can be used to reset other accounts).
    Change your voicemail PIN/passcode and confirm voicemail can’t be accessed from another phone without that PIN. Ask whether voicemail was reset or accessed recently.
  6. Assume calls/texts could be intercepted until your network confirms it’s fixed.
    For the next day or two, avoid relying on SMS/phone-call verification where you have alternatives. Prioritise moving key accounts (email, banking, Apple/Google) to app-based authentication or backup codes.
  7. Check your highest-risk accounts in this order:
    • Primary email account(s): change password, review recent sign-ins, remove unknown devices/sessions, and check for new forwarding rules/recovery changes.
    • Banking/credit: review transactions and alerts; if anything looks off, contact the bank using a trusted number.
    • Mobile wallet/app stores: check for new devices, payment methods, or purchases.
  8. If you were contacted by someone claiming to be your bank, switch to a safe calling method.
    Hang up. Dial 159 (if your bank supports it). If 159 doesn’t connect to your bank, use the number on your bank card or in your banking app—do not accept a “transfer” from an incoming call.
  9. Create an official record if you suspect fraud (or if losses occur).
    In England, Wales, or Northern Ireland, report cyber crime/fraud via Report Fraud (this replaced Action Fraud). In Scotland, report to Police Scotland on 101. Keep a simple timeline and any provider reference numbers.

What can wait

  • You do not need to fully investigate “how” it happened right now.
  • You do not need to confront anyone who may have targeted you.
  • You do not need to change every password today—focus first on mobile account, voicemail, and primary email, then the most valuable accounts.

Important reassurance

Getting a call-forwarding alert you didn’t trigger is unsettling, but quick action usually limits the damage. The most important thing is to regain control of the number and cut off network-level forwarding before you do anything else.

Scope note

This guide covers first steps to stabilise and prevent immediate harm. Follow-up (like longer-term account hardening and restoring accounts) may take additional, more tailored steps.

Important note

This is general information, not legal, financial, or technical advice. If you see unauthorised transactions, account lockouts, or evidence your identity has been misused, contact your provider/bank promptly and consider reporting through the appropriate UK route.

Additional Resources
Support us