Call Merging Scam: As a cybersecurity enthusiast who has closely followed emerging threats, I want to highlight the latest scam targeting smartphone users: the call merging scam. This simple yet highly deceptive trick relies on phishing methods and social engineering to steal One-Time Passwords (OTPs) and other sensitive information.
Call Merging Scam: How the Call Merging Scam Works
Scammers start by calling victims while pretending to be friends, acquaintances, or even media professionals. They then persuade the victim to merge the call with a “VIP” or another important contact. In reality, the second call is linked to a banking or payment app’s OTP process. Once the victim unknowingly merges the calls, the fraudster gains access to the OTP. Armed with this code, they quickly authorize unauthorised transactions, often emptying the victim’s bank account.
Call Merging Scam: Variations of the Scam
Call Merging Scam: Some criminals use personal details obtained from social media or past purchases to create believable messages. These messages may claim the victim won a reward or needs to verify a recent transaction. Victims who click on suspicious links or share their bank details soon realize their money has vanished. The National Payments Corporation of India (NPCI) has warned that fraudsters are increasingly exploiting the call merge feature to commit such crimes.
Real-Life Incidents
In one case, a woman who recently purchased a laptop received a phishing message claiming she had won a voucher. The message mixed up brand names, which made her suspicious. By staying alert, she avoided becoming another statistic in this growing wave of fraud.
Meanwhile, some scammers go even further. They use APK files or Remote Access Trojans (RATs) to gain complete control over a device. Once installed, these malicious apps let hackers see and steal anything on a victim’s phone, from photos to banking information.
Call Merging Scam: Tips to Stay Safe
Call Merging Scam: Don’t Merge Calls with Unknown Numbers: Always verify who is on the other end before merging.
Protect Your OTP: No bank or genuine service will ever ask for your OTP over the phone.
Beware of Suspicious Links: Avoid clicking on links promising vouchers, discounts, or prizes from unknown sources.
Report Immediately: If you spot any suspicious activity or receive an OTP for a transaction you didn’t initiate, call 1930 (the national cybercrime helpline) and inform your bank right away.
Use Official Channels: Always confirm a caller’s identity through official phone numbers or websites.
By staying informed and cautious, you can protect yourself from the call merging scam and other digital threats. Remember, vigilance is the best defense against phishing and financial fraud.
Also Read: Chennai Cryptocurrency Scam: Man Arrested for Fraud via Bitcoin India Software Services