The Call Merge Scam has sent alarm bells ringing across India, prompting the National Payments Corporation of India (NPCI) to issue an urgent warning on February 14, 2025. This insidious fraud exploits a phone’s call merge feature to steal one-time passwords (OTPs), emptying bank accounts without victims suspecting a thing. Unlike traditional scams that rely on phishing links or direct OTP requests, scammers pose as acquaintances, tricking users into merging calls that connect to legitimate bank verification systems. NPCI’s alert on X, urging users to “stay alert and protect your money,” has spotlighted a growing threat in India’s digital payment ecosystem.
Here’s how the Call Merge Scam unfolds. A fraudster calls, claiming they got your number from a friend, often dangling an event invite or job offer. They ask you to merge the call with this “friend,” who is actually another scammer timing a bank OTP verification call. Once merged, the OTP arrives, and victims, thinking it’s part of the conversation, share it unknowingly. The scammer then authorizes transactions, siphoning funds instantly. Radhika Sharma, a 34-year-old single mother from Delhi, learned this the hard way. Lured by a job offer, she merged a call and lost Rs 2 lakh—her savings for her daughter’s education. “I trusted the caller,” she recalls, her voice heavy with regret. Months of police complaints yielded no recovery, a stark reminder of the scam’s devastation.
India’s digital boom, with UPI handling 15 billion transactions monthly per NPCI’s 2024 data, has made it a scammer’s playground. The Call Merge Scam thrives on trust, exploiting a feature meant for convenience. NPCI’s advisory is clear: never merge calls with unknown numbers, verify caller identities, and report suspicious OTPs to the cybercrime helpline (1930). Banks never ask for OTPs over calls, a red flag Radhika missed. A 2024 FICO report revealed 60% of Indians receive scam messages, with losses doubling for amounts over Rs 8 lakh, underscoring the urgency of vigilance.
Radhika’s story isn’t unique. In Mumbai, retiree Anil Gupta lost Rs 1.5 lakh to a similar ruse, believing he was confirming an event invite. The 62-year-old, reliant on his pension, spent weeks navigating bank protocols, his trust in digital payments shaken. “I felt helpless,” he says, urging others to double-check callers. Delhi Police’s cyber unit notes that scammers often use spoofed numbers, mimicking bank prefixes, making the call seem authentic. Activating spam detection on Android phones, as NPCI suggests, can filter such calls, but awareness remains key.
The Call Merge Scam highlights broader cybersecurity challenges. India lost Rs 11,333 crore to cyber frauds in 2024’s first nine months, per the Indian Cyber Crime Coordination Centre, with UPI scams surging. NPCI’s AI-driven fraud detection, using machine learning to spot anomalies, has blocked thousands of suspicious transactions, but scammers evolve faster. Kiran Nambiar, CEO of MyFi, advocates for biometric authentication and behavioral analytics to bolster security, noting that user education is equally vital.To stay safe, NPCI recommends ignoring unknown calls, enabling banking security features like two-factor authentication, and reporting fraud instantly. Radhika now shares her story at community workshops, hoping to spare others her pain. As India races toward a cashless economy, the Call Merge Scam is a wake-up call. Staying informed and skeptical can keep your money safe, ensuring scammers don’t turn digital dreams into nightmares.