Beware of Phantom Hacker Scams: Warns FBI
The FBI has warned Americans about a three-phase cyber scam known as the Phantom Hacker Scam. Threat actors are employing a three-phase hacking strategy to gain unauthorized access to the financial accounts of their victims. The primary targets of the Phantom Hacker scam are mainly elderly individuals nearing retirement age.
The three-phase strategy is used by cybercrooks to earn the trust of the victims so that later they can wipe out their bank accounts conveniently. It is because of this element of zero susceptibility that victims often lose their life savings or retirement funds to the Phantom hacking attacks.
Phantom hacker scam
This three-pronged cyberattack has so far resulted in a loss of over $1 billion in America since 2024. Most of the victims of Phantom hackers are over 60 years old, who have one or the other personal interests and love to flaunt them on social media platforms. For example, some of the victims were vintage car fans, while others were antique watch enthusiasts.
Phantom hackers do not merely rely on phishing emails or phone calls to break into your financial accounts. Rather, based on research, technology, and a streamlined process in place, the threat actors manage to rob unsuspecting individuals effortlessly.
Phase 1: Tech support impostor
This is the first phase of the Phantom hacking scam, where a tech support impostor contacts the victim via text messages, malicious emails, or a phone call. This initial contact is designed to direct naive victims to download specific programs, which will enable cybercriminals to gain remote access to the victim’s computer.
Once this is done, the hacker will pretend to go through the device for virus scanning. Next, the threat actor asks the victim to open their financial accounts and “determine whether there have been any unauthorized charges.” During this step, the hacker selects a financial account to target later and then ends the call with the victim, telling them that they will get a call from the “fraud department” of their bank.
Phase 2: Fake call from a financial institution
This step involves a threat actor who connects with the victim over a phone call, pretending to be from the bank or financial institution where the victim has an account. This impostor claims that the funds in the victim’s account have been “accessed by a foreign hacker” and that the bank needs to move the funds to a safe and secure third-party account.
Next, the victim is instructed to use wire transfer, cryptocurrency, or even cash to move the funds to the “safe” account within the next couple of days through multiple transactions.
Phase 3: Government agency impersonation
This is the last blow of the three-pronged attack, where a scammer poses as a US government employee and approaches the victim over a phone call in order to compel them to move their “unsafe” funds to a “safe” account for security purposes. This call is done to legitimize the previous call and gain the final trust of the victim.
In case the victim seems a little suspicious, the threat actor even sends a follow-up letter while impersonating official government letterhead.
Impact of Phantom hacking on victims!
According to Pete Nicoletti, the Chief Information Security Officer at Check Point, the Phantom hacking scams have proven to be “severely devastating” to their victims. The majority of these victims are retired individuals or those nearing retirement age. They don’t have enough digital knowledge, and they also have a certain amount of funds secured in their bank accounts. This is what makes them a valuable target for the cybercrooks.
Threat actors use artificial intelligence to study the personal interests or hobbies of their targets, which helps them sound more convincing and genuine when approaching victims.
How to protect yourself from Phantom hackers!
Staying vigilant is the number one strategy to safeguard your savings from the prying eyes of the Phantom hackers. Also, staying well-informed about cybersecurity mechanisms is yet another strategy that you and your loved ones should follow.
You must also practice strong phishing protection by avoiding giving remote access to anyone who calls you unexpectedly. If someone asks you to move your funds to a third-party account while claiming to be from your bank or a government agency, hang up immediately. Then, contact your bank directly using the official number listed on your bank statement to verify the situation safely.
Nicoletti believes that families must sit down together at dinner and discuss cybersecurity and Phantom hacking scams.
He further adds that the chance of the victims getting their money back is merely 10%-15%, that too, if they manage to inform the concerned authorities on the same day of the cyber mishap.