The FBI on Friday issued a public service announcement warning senior citizens of “a recent nationwide increase in ‘Phantom Hacker’ scams” that are wiping out victims’ life savings.
“Between January and June 2023, 19,000 complaints related to tech support scams were submitted to the FBI Internet Crime Complaint Center (IC3), with estimated victim losses of over $542 million,” according to the FBI. “Almost 50% of the victims reported to IC3 were over 60 years old, comprising 66% of the total losses.”
“As of August 2023,” the bureau added, “losses have already exceeded those in 2022 by 40%.”
“The Phantom Hacker scam shares many similarities with other online scams,” reports Tom’s Guide, “but its complexity is how this particular scam has managed to trick so many victims in such a short time.”
It begins with a phony customer service rep.
“A scammer posing as a tech or customer support representative from a legitimate company contacts the victim through a phone call, text, email, or a pop-up window on the victim’s computer and instructs the victim to call a number for ‘assistance,'” the FBI explains. “Once the victim calls the number, a scammer directs the victim to download a software program, allowing the scammer remote access to the victim’s computer. The scammer pretends to run a virus scan on the victim’s computer and falsely claims the computer has been or is at risk of being hacked.”
From there, the scammer “requests the victim open their financial accounts to determine whether there have been any unauthorized charges – a tactic the scammer uses to determine which financial account is most lucrative for targeting.”
Once a victim is identified, the scammer instructs its mark to wait for a phone call from “the fraud department of the respective financial institution hosting that account,” during which they will receive further instructions.
For “Phase 2” of the scam, another imposter claiming to be from the mentioned financial institution, “such as a bank or a brokerage firm,” calls the victim.
“The scammer falsely informs the victim their computer and financial accounts have been accessed by a foreign hacker and the victim must move their money to a ‘safe’ third-party account, such as an account with the Federal Reserve or another US Government agency,” according to the FBI. “The scammer directs the victim to transfer money via a wire transfer, cash, or cryptocurrency, often directly to overseas recipients. The scammer may instruct the victim to send multiple transactions over a span of days or months.”
The trusting victim is instructed to not disclose to anyone “the real reason they are moving their money.”
“Phase 3” of the scam introduces someone posing as a U.S. Government agency employee or a Federal Reserve worker.
“If the victim becomes suspicious of the government imposter, the scammer may send an email or a letter on what appears to be official US Government letterhead to legitimize the scam,” the FBI warns.
All along, the victim is repeatedly told their funds are “unsafe” and transferring their money to an “alias” account is the only way to protect themselves from theft.
“Phantom Hacker scams are certainly complicated and involve a number of different people and steps. However, this is why they’ve been so successful,” cautions Tom’s Guide. “For this reason, you need to be extra careful when dealing with unsolicited phone calls, texts or emails.”
To guard against such insidious schemes, the FBI offers the following tips:
- Do not click on unsolicited pop-ups, links sent via text messages, or email links or attachments.
- Do not contact the telephone number provided in a pop-up, text, or email.
- Do not download software at the request of an unknown individual who contacted you.
- Do not allow an unknown individual who contacted you to have control of your computer.
- The US Government will never request you send money via wire transfer to foreign accounts, cryptocurrency, or gift/prepaid cards.
Victims are encouraged to report fraudulent or suspicious activities to their local FBI field offices and the FBI IC3 at www.ic3.gov.
The devil is in the details, so be sure to include the name of the person or company that contacted you; the methods of communication used, including websites, emails, and telephone numbers; and the bank account number(s) where the funds were wired to and the recipient’s name(s).