NetworkTigers discusses phantom hacker scams.
Hacks, ransomware attacks, and other types of cyber extortion affect thousands of people by breaching major corporations, healthcare organizations, and government entities. Preventing crimes of this nature is critical to keeping sensitive data safe. However, it’s important to note that cybercriminals also set their sights on individuals, hoping to part vulnerable people from their credit card numbers, bank accounts, and more.
A particularly callous scam of this type is the Phantom Hacker scam, which has become so prevalent that the FBI recently issued a warning detailing how the scheme works and how to prevent getting ripped off.
What is the Phantom Hacker scam?
According to the FBI’s public service announcement, Phantom Hacker scams are a sophisticated new evolution of typical tech support scams in which scammers pose as customer support agents to gain the trust of their victims, who are typically senior citizens led to fear that their life savings are in danger.
This form of social engineering is especially insidious, as it requires manipulating a victim into believing their funds are at risk and then continuing to personally engage with them throughout the process of stealing those funds.
Phantom Hacks are on the rise, with the FBI reporting that between January and June of 2023, 19,000 tech support scam complaints were submitted to the FBI Internet Crime Complaint Center (IC3). Victim losses are estimated to be over $542 million.
Nearly half of the victims are reported to have been over 60 years old, and, as of data collected in August of 2023, financial losses have exceeded those reported in 2022 by 40%.
Seniors are frequently targeted by fraudsters, with tech support-related scams being most commonly reported.
How does the Phantom Hacker scam work?
The Phantom Hacker scam is deeply layered, made up of three phases designed to instill fear into the targeted victim and gain their trust.
Phase 1: tech support imposter
In the first phase of this hack, a scammer will contact a victim through a text message, phone call, email, or pop-up window. They will pose as a concerned customer support representative from a legitimate company and provide a phone number for the victim to call for help.
Upon calling the phone number, the victim will be instructed to download software that gives the scammer remote access to their computer. During this process, the scammer will falsely purport to run a virus scanner on the target’s system and claim that their computer has either been hacked or is in danger.
The final step in this phase sees the scammer instruct the victim to open their financial accounts to ensure their funds are safe and have not been stolen. This clues the scammer into what accounts may contain the most funds, as the victim will likely zero in on those first. Once the most lucrative account has been revealed, the scammer tells the victim that a support representative from the appropriate financial institution will call them with further instructions.
Phase 2: financial institution imposter
A scammer claiming to be from the selected financial institution then reaches out to the victim, warning them that a hacker has breached their accounts and that the only way to keep their savings protected is to move said funds into a third-party account, typically with the Federal Reserve or a different government agency.
The next step of this phase sees the victim manipulated into moving money, by wire transfer, cash, or other means suggested by the scammer, into an account administered by the threat actors at work. This may come as a single transaction or separate smaller ones over time.
As this occurs, the victim is instructed to keep the reason for the money transfers a secret. For their “safety,” of course.
Phase 3: government agent imposter
This phase of the Phantom Hacker scam may not always be employed, as it is intended to come into play if a victim shows signs of suspicion towards the previous efforts.
If the scammers feel that their intended target isn’t taking the bait as expected, they may reach out to them posing as a Federal Reserve employee or other government authority figure. Using official government letterheads and language, the victim will continue to be told that their savings are in danger and must be transferred to an “alias” account to protect them.
How to prevent Phantom Hacker scams
Because Phantom Hacker scams rely so heavily on personal interaction, manipulation, and social engineering, there are no mechanical or automatic means to protect people from them. As with many scams, the only defense is to identify fraudulent messaging and practice safe habits regarding interactions with strangers online or over the phone.
According to a statement from FBI Special Agent in Charge Robert Tripp, Phantom Hackers are “cold and calculated… targeting older members of our community who are particularly mindful of potential risks to their nest eggs. The criminals are using the victims’ attentiveness against them. By educating the public about this alarming new scam, we hope to get ahead of these scammers and prevent further victimization.”
To stay safe from Phantom Hacker scammers, the FBI encourages people to follow these best practices:
- Never click on unsolicited pop-up ads, links received via text messages or messaging apps, email links, or attached files.
- Do not call any phone numbers seen in texts, pop-ups, or emails.
- Never allow an unknown person who contacted you to take remote control of your computer or look into your system.
- Never download software that someone else is pushing on you after contacting you.
- Never move funds at the request of a stranger who contacted you. The government will never demand that individuals transfer personal finances to outside accounts.
How to report a Phantom Hacker scam
Those targeted by Phantom Hacker scams or other online fraud should report the activity to a local FBI field office immediately and to the FBI IC3 at www.ic3.gov.
The agency specifically requests that the following details be included in the report:
- The name of the person or company that contacted you.
- Methods of communication used, including websites, emails, and telephone numbers.
- The bank account number(s) to which the funds were wired and the recipient’s name(s).