(NEXSTAR) – A multi-phase scam credited with emptying the financial accounts of numerous Americans – many of whom were nearing the age of retirement – is again making headlines after the FBI recently issued a warning.
Unlike many scams, “Phantom Hacker” attacks often come in three distinct phases, each building on the last to thoroughly convince the victim to allow access to their funds.
“Victims often suffer the loss of entire banking, savings, retirement, or investment accounts under the guise of ‘protecting’ their assets,” the FBI said in a news release.
Aaron Rose, security architect manager at cybersecurity firm Check Point Software, told Nexstar in an email that the crooks often use victims’ personal interests against them. Fans of vintage cars, antique watches or other items might post publicly on social media, making them vulnerable to bad actors.
“Criminals use personal interests to make their criminal actions appear authentic which decreases the chances of being caught,” Rose said, adding, “AI technology can analyze social media content to detect personal interests and life milestones which allows it to generate messages that seem personalized.”
Since 2024, the scam has reportedly been used to steal over $1 billion in funds, with the majority of victims being at least 60 years old, according to FBI data.
“These attacks are not just simple phone calls or phishing emails—they’re complex operations that involve multiple impersonators, spoofed phone numbers, and coordinated follow-ups,” Scott Davis, chairman of the Cybersecurity Association of Pennsylvania, said in a recent interview. “Seniors are being tricked into believing they’re protecting their money, when in reality they’re handing it straight to criminals.”
‘Tech support’ and the first phase
While pretending to work in tech support for a legitimate company, the scammer will use a phone call, text, email or pop-up window to contact the victim.
Once the victim calls for tech support help, the scammer instructs them to download a program giving access to the victim’s computer. After pretending to check the device for viruses, the scammer will then suggest the victim open financial accounts to look for unauthorized charges.
After choosing an account to target, the scammer tells the victim to wait for a call from the “fraud department” of the bank or institution holding the funds.
A call from the ‘financial institution’
The next phase begins when a scammer, posing as an employee of a well known financial institution, calls the victim to inform them that their account has been hacked by someone overseas.
The only way to keep the money safe, the scammer says, is to move it to a third-party such as the Federal Reserve or a U.S. government agency, according to the FBI. The scammer helps organize the transfer, which is often broken into several transactions and may happen by wire, cash or crypto.
The ‘government’ representative
In an effort to legitimize the prior two phases, a scammer may impersonate an employee of the Federal Reserve or another agency.
If the victim starts to get suspicious, the scammer may send a follow-up letter using what appears to be official government letterhead, with the goal of convincing the victim that their funds continue to be “unsafe” and must be moved.
How to protect yourself – and others
Experts say there are a number of steps to take to safeguard yourself against the Phantom Hacker scam, tips that you should also share with family members and other loved ones who might be at risk.
“The simplest advice is the most important: never give remote access to your computer if someone calls you unexpectedly,” Rose said. “Do not move your money just because a caller says they are from your bank or the government. Hang up, call the number printed on your bank statement, and verify the situation for yourself.”
If you find yourself unsure of what to do, end the call and talk to someone you trust before taking any action, Rose said.
“Scammers rely on secrecy and pressure,” according to Rose. “Breaking that pattern by taking a step back and checking with someone else – a friend, family member, or official from your bank or local law enforcement agency – is often the best defense.”
The FBI encourages anyone who is the victim of a crime to contact the local field office or file a report at tips.fbi.gov. If the crime is internet-based, file a report with the Internet Crime Complaint Center (IC3).
