Why you shouldn't answer "yes" on the phone

  • The "yes" scam uses social engineering and recordings to drive fraud, but the voice alone does not authorize banking transactions.
  • Warning signs: urgency, requests for sensitive data, unknown numbers, fake prizes, and impersonation of institutions.
  • Act fast: don't give out information, hang up, block, report, monitor your accounts, and change passwords if you suspect anything.
  • Prevent risks: avoid saying "yes", use "tell me", verify through official channels and rely on call blocking apps.
Lorena Figueredo

9 minutes

Woman answering call

Answering the phone with a spontaneous "yes" is so common that we hardly notice it, but in recent months the authorities have focused on this gesture. The National Police, INCIBE/OSI and media outlets such as VerificaRTVE have issued warnings of a type of deception known as "the yes scam", a social engineering trick that uses our own voice to try to sneak in frauds and unsolicited registrations.

Before going into detail, it is worth clarifying something important: There are no banking systems that fully authorize voice-only transactionsAs the Bank of Spain points out, even a recorded "yes" can be the piece a criminal needs to build a larger scam, forcing follow-up calls, requesting extra information, or using the recording as fake "proof" to sign up for services. Therefore, rather than panicking, it's important to understand how the scam works and what warning signs should raise red flags.

What is the "yes" scam and why is it worrying?

The so-called "yes scam" is a variant of vishing (voice phishing) in which scammers seek to capture a clearly pronounced affirmative answer by the victim. They do this by impersonating banks, customer service departments, or other recognizable entities, with a dual purpose: on the one hand, to record that "yes"; on the other, to take advantage of the conversation to obtain more personal or financial data.

In some cases, They don't even need you to answer a questionSimply answering the phone out of habit is enough to trick them. Other times, they ask leading questions like, "Have you authorized a transaction now?" or "Do you agree to receive updates about our services?" Throughout the call, they record the audio to later use in some procedure or as leverage for the next stage of the fraud.

How they work: the step-by-step process

  1. Initial callA call comes in from someone claiming to be a bank, store, technical support, or "customer service." Sometimes, if you answer "yes" right away, no one responds and they hang up quickly; other times, the caller engages you in conversation with a friendly tone to gain your trust.
  2. Questions that seek an affirmative answerWith carefully crafted scripts, they formulate questions that encourage a "yes" answer. This is where social engineering comes in: they mention recent movements, security alerts, or "routine checks" to lower your guard and confirm details that you shouldn't share.
  3. Recording of the "yes"While they're talking to you, they record the audio. That initial "yes," or any other you utter, becomes a resource the scammer will save for later, either to attempt automated validations or to pressure you into a second interaction.
  4. Use of recording and storytellingWith their voices in their hands, they will try to open accounts, contract services or authorize actions on your behalfThey may also claim you have an active "premium" subscription and use the recording as supposed evidence. Their real goal is usually to get you to provide them with account numbers, ID numbers, addresses, or verification codes when you try to "cancel."
  5. Victim detection and reactionMany people notice when they receive strange charges. SMS codes that were not requested or a second call that "offers help" to deactivate what they supposedly agreed to. At that point, you need to act quickly and cut fraud following good practices.

Social engineering tactics and common tricks

  • ImpersonationThey present themselves as staff from your bank, your phone company, a major brand, or even government agencies. They seek to project authority and familiarity to gain your trust.
  • Seemingly innocuous questions"Have you authorized a transaction now?" or "Do you agree to receive updates?" sound routine, but their goal is to reap a clear "yes" that they can reuse.
  • Calculated silenceSometimes they don't ask any questions at all: they expect you to say "yes" automatically and hang up. They've already got what they wanted, without any further conversation.
  • Automatic voiceoversA recording informs you that you have subscribed to a paid service. If you call back to cancel it, they ask you sensitive data under the pretext of processing the discharge.
  • Authority and fearThey use the names of institutions (police, banks, tax office) to intimidate and force you to act without thinking, sometimes demanding immediate payments.

Unmistakable signs of a fraudulent call

Scammer on the phone

  • Extreme emergencyThey pressure you to act "now," under threat of imminent blocking, fine or charge, or with the promise of a benefit that runs out in minutes.
  • Credentials requestThey ask for passwords, verification codes, full card numbers, or banking credentials. No legitimate entity will ask you for that over the phone.
  • Unknown or international numbers Without a clear explanation of who is calling, why, and from where. If they refuse to identify themselves or fail basic checks, that's a bad sign.
  • Prizes, inheritances, or "guaranteed" investmentsOffers that are too good to be true, designed to attract and extract information or money.
  • Use of brands and institutions to command respect and request payments, codes or data that do not correspond to a legitimate procedure.

What to do as soon as you suspect

  • Do not give out personal or financial informationEnd the conversation if they ask for irrelevant information.
  • Hang up immediatelyDon't prolong the dialogue or answer any more questions. Prevent them from obtaining new voice snippets or clues about you.
  • block the number on your mobile to prevent future calls from that line.
  • Report the attempt to the authorities or official reporting platforms. The more information they have, the better they can react.
  • Boost your mobile with call blocking apps that identify and filter suspicious or massive numbers.

Myths and realities: Can you get hired just with your voice?

One of the big questions is whether a recorded "yes" is enough to authorize payments or sign contracts. The answer is clear: In banking, it is not possible to validate transactions solely with your voice.Additional factors are required, from specific personal data to one-time passwords, which means that isolated audio is not sufficient.

So why insist so much on not saying "yes"? Because the audio acts as a "hook" for more complex strategies. The real danger is the story they weave around it.They often turn that "yes" into an excuse for a second call where they "fix" a fabricated problem. It's the logic of the double-call scam: first they put you on alert, then they offer to solve it, and in the process, they extract the data they really need.

Something similar happens with the missed call scam. A short call leaves a record And if you return the information, you enter their "cancellations," "verifications," or "subscription cancellations" process, where the goal is the same: to extract information from you or induce you to make payments.

If you have already said "yes" or believe they have recorded your voice

  • Keep calmLeave your nerves behind: thinking calmly will allow you to cut off fraud and make the right decisions.
  • Hang up and verify via official channelIf they claim to be from your bank, call the number on the official website or the one on your card; never the one they gave you on the call.
  • Keep an eye on your accountsReview your bank statements and credit card transactions to detect unusual charges. Contact your bank at the first sign of trouble.
  • Change passwords and security codesReinforce your credentials in case they have collected additional information during the call.
  • Control your digital footprintPractice egosurfing (search for yourself on the Internet) and activate alerts in search engines to find out if mentions appear with your name or data.
  • Keep evidenceSave numbers, recordings, SMS messages, emails, or screenshots. Everything helps when reporting and blocking new attempts.
  • Complaint before the State Security Forces and Corps, providing all available information.

Prevention in your daily life

A simple trick makes all the difference: Avoid automatically answering "yes".Replace it with "tell me" or "who," phrases less likely to be reused by a third party; as a practical example, look at the Grandma Daisy foils scammersIt may seem like a minor detail, but it takes away a tool from those seeking to extract that crystal-clear "yes".

Furthermore, Be wary of calls that start with a recorded message. This notifies you of premium subscriptions, pending shipments, or immediate payments. If a contract has actually been signed, you can confirm it through your official channels (app, website, office, or phone) without keeping anyone on the line who called you.

If you notice aggressive scripts, urgency, confusion, or demands for data, Hang without fearHaste is the lifeblood of scams. And if you feel overwhelmed, remember that legitimate sellers understand that you need to verify their identity through other means.

Another good practice is Do not press options in automated calls To "talk to an agent" or "cancel now". That tap confirms the number is active and opens the door to more attempts or special rates if the number is international.

Lastly, Strengthen your phone with blocklists and anti-spam appsThese tools help identify mass calls or calls known to be fraudulent, and although they are not infallible, they greatly reduce the noise.

Who is warning you and why you should take it seriously

The "yes scam" is not a social media anecdote. The National Police have issued warnings explaining that criminals impersonate banks or customer service representatives, record your affirmative response, and try to use it to sign you up for services or to pressure you into making further calls.

The National Cybersecurity Institute, through its Internet User Security Office, has detailed this variant of vishing and how AI and apps help real-time fraud protection, including real examples of trick questions, cases of voice messages that mention premium subscriptions and recommendations for action, from hanging up and blocking to reporting and strengthening passwords.

Verification tools and technology, such as VerificaRTVE or specialized publications, have consolidated the messageThe "yes" alone does not validate banking operations, but it serves as a tool within a fraud that gains strength when you introduce fear, urgency and additional data into the equation.

How to avoid being a victim of Vishing
Related article:
Vishing: What it is, how scammers operate, and how to avoid it

Follow us on Google News