WASHINGTON, D.C. — The FBI has issued a warning about a multi-phase scam, dubbed the “Phantom Hacker” attack, that has reportedly stolen over $1 billion from numerous Americans, many of whom are nearing retirement age. According to FBI data, the majority of victims have been at least 60 years old.
Unlike simple phishing emails or phone calls, these attacks are complex, multi-phase operations involving multiple impersonators, spoofed phone numbers, and coordinated follow-ups. Victims often lose their entire banking, savings, retirement, or investment accounts under the guise of “protecting” their assets.
How the Scam Works
The “Phantom Hacker” scam typically unfolds in three distinct stages:
- Phase 1: The “Tech Support” Call – The scam begins with a call, text, email, or pop-up window from an impersonator pretending to be from a legitimate tech support company. The scammer instructs the victim to download a program that provides them with remote access to the victim’s computer. After a fake virus check, the scammer prompts the victim to check their financial accounts for unauthorized charges. The scammer then tells the victim to expect a call from the “fraud department” of their bank.
- Phase 2: The “Financial Institution” Call – A new scammer, posing as an employee from a well-known financial institution, calls the victim, claiming their account has been hacked by someone overseas. To “keep the money safe,” the scammer convinces the victim to move their funds to a third party, such as the Federal Reserve or another U.S. government agency. The scammer then helps organize this transfer, which can be made via wire, cash, or crypto and is often broken into several transactions.
- Phase 3: The “Government” Representative — In the final phase, a scammer may impersonate an employee of the Federal Reserve or another government agency to legitimize the previous two calls. If the victim becomes suspicious, the scammer may send a follow-up letter with what appears to be official government letterhead to convince them that their funds are still “unsafe” and must be moved.
Scott Davis, chairman of the Cybersecurity Association of Pennsylvania, notes that seniors are being tricked into believing they are protecting their money. Aaron Rose, a security architect manager at Check Point Software, explains that scammers often use victims’ personal interests against them. By analyzing social media, artificial intelligence (AI) can generate personalized messages that seem authentic, making it easier for criminals to exploit their targets.
How to Protect Yourself and Others
Experts advise several steps to avoid becoming a victim:
- Never give remote access to your computer to someone who calls you unexpectedly.
- Do not move your money just because a caller claims to be from your bank or the government. Instead, hang up and call the number on your bank statement to verify the situation yourself.
- Break the pattern of secrecy and pressure by talking to someone you trust, such as a friend, family member, or local law enforcement.
The FBI encourages anyone who has been a victim of this crime to contact their local field office or file a report at tips.fbi.gov. If the crime is internet-based, you should also file a report with the Internet Crime Complaint Center (IC3).
