‘Yes scams’ expose new voice-based fraud risk in India’s digital economy

A fraud that begins with an ordinary call

A single, casually spoken word is emerging as a new vulnerability in India’s rapidly digitising financial system. Cybercrime investigators are warning about “Yes scams”, a form of voice-based fraud that exploits routine phone conversations to bypass security checks — often without victims realising they have been targeted.

The calls are deliberately unremarkable. An unfamiliar number appears, and the caller asks something mundane: Can you hear me? Is this a good time to talk? Are you Mr X? For most people, replying “yes” is instinctive. For fraudsters, it can be enough to begin an attack.

When voice becomes a credential

In a Yes scam, criminals record a victim’s affirmative response and later reuse it to impersonate consent or identity. Unlike traditional phishing, which depends on suspicious links, passwords or one-time passwords (OTPs), this method exploits the growing use of voice-based authentication in banking, telecom and customer service systems.

Cybersecurity experts say scammers harvest short voice clips — especially words like “yes” or “ji” — and replay or digitally manipulate them to simulate legitimate approval. In more advanced cases, these recordings may be combined with other leaked personal data to authorise transactions, open accounts or even secure loans in a victim’s name.

“The danger is that no OTP or sensitive detail is shared,” a cybercrime investigator said. “Your voice itself becomes the credential.”

Why victims often don’t realise it

One of the most worrying aspects of Yes scams is the delay in detection. Unlike instant debit alerts or failed login messages, the impact may surface days or weeks later, when unexplained transactions, new accounts or liabilities appear.

Cybercrime helplines report that many complaints begin with confusion rather than certainty. Victims often struggle to connect a brief, harmless phone call with financial damage discovered much later.

Caution, reporting and the limits of awareness

Authorities and security advisories are increasingly urging people not to respond with “yes” or similar affirmations during unsolicited calls. Instead, experts recommend neutral replies such as “Who is calling?” or “What is this regarding?” — or simply disconnecting.

Early reporting is critical. Anyone suspecting voice-based fraud should immediately inform their bank and lodge a complaint with the cybercrime helpline. Officials say timely alerts can sometimes prevent further losses and help investigators identify broader scam patterns.

As digital services increasingly rely on voice interaction, experts warn that awareness alone is not enough. Stronger safeguards and limits on voice-only authentication may be essential to protect users in India’s fast-evolving digital economy.