A new cyber fraud technique, the Call Merge Scam, is deceiving individuals into unknowingly revealing their One-Time Passwords (OTPs). Fraudsters exploit call merging features to make victims believe they are speaking to a trusted person, leading to unauthorized access to their accounts.

In this fraud, typically the fraudsters calls the victim, claiming that they have obtained their contact details through a mutual friend. They may then request the victim to merge a call with another person, it can be done on the pretext that the “friend” is calling from another number. Unaware of the scam, the victim agrees, unknowingly linking to a legitimate OTP verification call from their bank.

The scammers strategically time their calls so that when the victim receives an OTP, they believe it is part of the ongoing conversation and share it without suspicion. The fraudsters then use the OTP to authorize fraudulent transactions, leading to financial losses for the victim.