There is already a variant where they try to get someone to say „yes“ and just use a recording of it to use as „proof“ that you agreed to some contract.
I actually don’t answer unknown callers with “hello” or any words actually. I simply just say “mmmhhmm” or make a dumb sound if it is automated it will trigger the automatic message. Someone asked why and I said voice cloning software they said wtf you have nothing to steal. Just feels risky idk why.
You probably not going to get a voice clone from someone saying "hello?" 100 times. However, you don't really need to "MFA Bomb" people to clone their voice, just call them with a plausible sounding reason that will cause them to engage in an extended conversation (eg. "hey this is your uber/doordash driver/doctor/school/daycare).
Another reason to not to use phone (or the numbers) calls to verify users even with so called 'voice identification or voice ID' which can easily be broken with advanced voice cloning.
Recently I was baffled how far we've come with this. It doesn't work perfectly, but could be enough to fool someone. Just one pip install and a short voice sample away: https://github.com/coqui-ai/TTS