synopsis

Fraudsters are using a phone's call merge feature to trick victims into revealing OTPs. They convince victims to merge calls, linking them to an OTP verification call from their bank, and then trick them into sharing the OTP.

Named the call merging scam, fraudsters are exploiting a phone’s call merge feature to steal one-time passwords (OTPs) and commit financial frauds. In order to obtain illegal access to bank accounts or other protected platforms, scammers utilize call merging to fool victims into unintentionally disclosing critical information, especially OTPs (one-time passwords).

The call merging scam takes use of a fundamental phone feature, in contrast to phishing scams that employ phony emails or websites. Numerous victims are unaware that it is fraud and unwittingly follow the scammer's directions. 

How does the scam work?

  • A fraudster contacts you unexpectedly and says they obtained your number from a mutual acquaintance or another reliable source.
  • Request to merge Calls: They invite you to combine the call with another number, ostensibly that of a bank official or their "friend".
  • Linking to an OTP Call: After merging, your bank will unintentionally send you an automatic OTP verification call.
  • Tricking you into sharing OTP: By claiming that the OTP is required for verification, the fraudster persuades you to provide it.

How to protect yourself?

  • Never merge calls with unknown people: Refuse to merge calls with someone you don't know right away.
  • Verify caller identity: Use the bank's official customer service number to make a direct call to the bank if someone is claiming to be from it.
  • Banks never request OTPs over the phone: Requesting an OTP over the phone is a warning sign for fraud.
  • Report suspicious activity: Notify your bank and contact 1930, the national cybercrime helpline, right away if you receive an unexpected OTP for a transaction you did not conduct.

What to do if you feel you are the victim?

  • Take these quick actions if you think you may have been a victim of this scam:
  • Never divulge personal information or an OTP.
  • Report it to your bank and end the call.
  • To report the scam attempt, contact the cybercrime helpdesk at 1930.
  • Keep an eye out for any fraudulent transactions in your bank account.

Scams like fake customer support calls, SIM swap fraud, and phishing attacks also target OTPs and banking details. Stay alert and follow security best practices. By staying informed and cautious, you can protect yourself from falling victim to such scams.