Summary of the "Phantom Hacker" Scam
Based on a warning from the FBI and cybersecurity experts, a three-phase "Phantom Hacker" scam is actively draining bank accounts, particularly targeting senior citizens. This scheme has already cost Americans over $1 billion. The scam is broken down into three phases:
Phase 1: The Tech Support Impostor - Scammers initiate contact, often through an unsolicited pop-up, text, or email, impersonating a tech support representative from a well-known company. They convince the victim that their computer has a virus or has been hacked and persuade them to grant remote access. During this phase, they also instruct the victim to open their financial accounts to "check for unauthorized charges," which allows the scammer to identify the most lucrative account to target.
Phase 2: The Financial Institution Impostor - The scammer, now posing as a bank or brokerage firm representative, calls the victim. They claim the victim's funds have been compromised by a "foreign hacker" and must be immediately moved to a "safe" third-party account, often presented as being with the Federal Reserve or another government agency. The victim is then instructed to wire transfer or send cash or cryptocurrency to the scammer's account, often in multiple transactions over time.
Phase 3: The U.S. Government Impostor - If the victim becomes suspicious, the scammer may continue the charade by impersonating a U.S. government employee. They may send official-looking documents to legitimize the scam and continue to pressure the victim to move their funds to a so-called "alias" account for protection.
Recommendations for Individuals and Families
To protect yourself and your loved ones from this scam, the FBI and cybersecurity experts offer these recommendations:
Do not click on unsolicited links or pop-ups: Avoid clicking on links in unexpected emails or text messages, or responding to pop-up windows that claim your computer is at risk.
Hang up on suspicious calls: Do not provide personal or financial information to anyone who calls you unexpectedly, even if they claim to be from a tech company, bank, or government agency. Hang up and call the institution directly using a verified phone number.
Never grant remote access: Do not download software or grant remote access to your computer at the request of an unknown individual.
Verify all requests for money: The U.S. government will never request that you send money to them via wire transfer, cryptocurrency, or gift cards. Any request for such payment is a major red flag.
Discuss scams with family: Have open conversations with family members, especially seniors, about common scam tactics and how to identify red flags.
Set up a "code word" for family: A family "code word" can be a simple way to verify the identity of a loved one calling for help, especially with the use of AI in voice cloning.
Online Resources
If you or someone you know has been a victim of a scam, it is crucial to report it.
Internet Crime Complaint Center (IC3): ic3.gov is the central hub for reporting all types of cyber-enabled crime and is run by the FBI.
Federal Trade Commission (FTC): ReportFraud.ftc.gov is a comprehensive resource for reporting all types of fraud.
IdentityTheft.gov: Provides a step-by-step recovery plan for victims of identity theft.
FBI Resources: The FBI's website has a dedicated section on common frauds and scams, with tips and information on how to protect yourself.
