The FBI says people need to be aware of a new scam that some have dubbed “The Phantom Hacker.”

In a statement released on Oct. 17, officials say some victims lost their entire life savings as a result of the scam.

Here’s what you should know about the scam, and what you can do to protect yourself, and potentially others.

How does the scam work?

According to the FBI, there are three steps to the scam, all of which involve impersonation.

Tech Support Impostor

In the first step, FBI officials said a scammer will pose as a customer support representative from a legitimate tech company. That person will initiate contact with the victim via phone call, text, e-mail, or a pop-up window on the victim’s computer, instructing them to call a number for so-called assistance.

“Once the victim calls the phone number, a scammer directs the victim to download a software program allowing the scammer remote access to the victim’s computer,” read a portion of FBI officials’ statement. “The scammer pretends to run a virus scan on the victim’s computer, and falsely claims the victim’s computer either has been or is at risk of being hacked.

The scammer, according to FBI officials, will then ask the victim to open their financial accounts to determine whether there have been any unauthorized charges. That, officials say, is actually a tactic to allow the scammer to determine which financial account is the most lucrative.

“The scammer informs the victim they will receive a call from that financial institution’s fraud department with further instructions,” read a portion of the statement.

Financial Institution Impostor

FBI officials in the second step, a scammer will pose as a member of a financial institution’s fraud department (for example, a bank or a brokerage firm), and contact the victim.

“The scammer falsely informs the victim their computer and financial accounts have been accessed by a foreign hacker, and the victim must move their money to a ‘safe’ third-party account, such as an account with the Federal Reserve or another U.S. Government agency,” read a portion of the statement.

The victim, according to the statement, is then directed to transfer money via wire transfer, cash, or wire conversion to cryptocurrency, and often directly to recipients overseas.

“The victim is also told not to inform anyone of the real reason they are moving their money,” read a portion of the statement. “The scammer may instruct the victim to send multiple transactions over a span of days or months.”

Government Impostor

In the third step, FBI officials say the victim may be contacted by someone posing as the Federal Reserve or another Federal agency.

“If the victim becomes suspicious, the scammer may send an email or a letter on what appears to be official U.S. Government letterhead to legitimize the scam,” read a portion of the statement.

The scammer, according to FBI officials, will emphasize that the victim’s funds are ‘unsafe,’ and that the funds must be moved into a new ‘alias’ account, under the guise of ‘protecting their assets.’

“In reality, there was never any foreign hacker, and the money is now fully controlled by the scammers,” read a portion of the statement.

Who’s being targeted?

In their statement, FBI officials say scammers tend to target typically older victims.

How much money has been lost as a result of the scam?

FBI officials did not release any numbers as to losses associated with the Phantom Hacker scam.

As mentioned above, FBI did say some of those who were targeted lost their whole life savings.

As a whole, officials with the FBI’s Internet Crime Complaint Center (IC3) stated in March 2023 that for the year 2022, they received a total of 800,944 reported complaints, with losses exceeding $10.3 billion.

“Interestingly, while the total number of complaints decreased by 5%, dollar losses increased significantly by 49%,” read a portion of IC3’s statement.

What do I need to do to keep myself (and others) safe?

FBI officials have some tips for people on what they can do to protect themselves from the scam. They include:

  • Not clicking on unsolicited popups, links sent via text or e-mail
  • Not opening unsolicited attachments
  • Not calling the phone number provided in a pop-up, text, or e-mail
  • Not downloading software at the request of an unknown person who contacted you
  • Not allowing an unknown person who contacted you to have control of your computer

In addition, FBI officials say the U.S. Government will never ask people to send money to them via wire transfer, cryptocurrency, gift cards, or prepaid cards.

In a separate article on scams published by the Associated Press, Identity Theft Resource Center Chief Operating Officer James Lee urged consumers to hang up if they received a suspicious call, and call the company or institution at an official number instead.

Can I report these scammers?

FBI officials say people should report these fraudulent or suspicious activities to IC3, and include as much information as possible in the report, such as:

  • The name of the person or company that contacted you
  • What the scammer used to contact you (for example: website, e-mail, phone, etc)
  • The bank account number where funds were wired to (if money was wired) and the recipients’ names

Internet Crime Complaint Center (IC3)

https://www.ic3.gov/