The Phantom Hacker Scam
[The episode begins with a mid-tempo, slightly suspenseful musical track played on the waterphone.]
Jennifer-Leigh Oprihory: It starts with an unsolicited message: Call tech support for assistance.
It ends with you losing your life savings.
Tech support scams have cost thousands of victims—primarily older Americans—more than $500 million since 2023. And the threat is growing fast.
On this episode of our podcast, we’ll dissect one of these scams, known as the Phantom Hacker scam, so you that you can understand how it works and learn how to avoid becoming its next victim.
I’m Jennifer-Leigh Oprihory, and this is Inside the FBI.
[The Inside the FBI jingle kicks in. It's a bright and driving track.]
* * *
[A synthesizer-led variation on the episode's introductory track begins, and repeats throughout the remainder of the episode.]
The phantom hacker scam has three phases. Each phase is led by a different scammer pretending to be someone they aren’t. And the role each impostor plays is designed to get you to trust the scam more with each coming phase.
In the first part of the charade, known as the tech support impostor phase, you get a message asking you to contact a certain phone number for "assistance." The message might come as a call, text, email, or computer popup.
After you call that number, a person who seems to be a customer service representative explains that you—and your money—might be at risk. And that the only way to know for sure is to download a remote access program to let tech support take a look.
If the scam goes as planned, you then download the program to grant the so-called "tech support" person access to your computer.
Then, the scammer tells you that the resulting "scan" of your computer has revealed that you’ve either already been hacked or that you’re likely to get hacked in the future. And that means your bank accounts are in trouble.
Next, the fake tech support person asks you to pull up your financial accounts on your computer, claiming that they want to help you identify any accounts that need protection from these hackers.
But, in that moment, you’re actually giving the scammer a guided tour of your most lucrative accounts—which they’ll target in the second part of the scam.
Finally, the fake tech support person assures you that a banking official will call you to help you secure your at-risk accounts.
This brings us to phase two of the phantom hacker scam, known as the financial iInstitution impostor phase.
In this phase, a second scammer works to make the first scammer look trustworthy—by giving you the call they promised you’d receive from your bank, brokerage firm, or other financial institution.
The only problem is that this caller, too, is a fake.
When the call comes in, this second impostor warns you that a foreign hacker has compromised your accounts. The only way to recover your money, they then say, is to move it to an allegedly "safe" third-party account with the Federal Reserve or another U.S. government agency.
This fake financial representative then gives you instructions for moving your money to that new account.
They tell you to use a wire transfer, cash, or cryptocurrency to move the funds. They may tell you to send the money directly to people in other countries. And you may be instructed to transfer the money over the course of multiple transactions over multiple days or even months.
And, somewhat unsurprisingly, they tell you to keep the reason you’re moving your money a secret.
Phase three of the phantom hacker scam—known as the U.S. government impostor phase—then looks to seal the deal by cementing your trust in the scam.
In this part of the ploy, the final impostor pretends to be an employee from the Federal Reserve or another U.S. agency. They stress how "unsafe" your money is and the urgent need to move those funds until you give into the scam.
And if you get savvy and suspect they might not be who they say they are, the impostor produces a fake "official" communication—either an email or a letter—written on authentic-looking letterhead to sell you on both their identity and the authenticity of the scam.
* * *
If you or a loved one suspect that you may have fallen victim to the phantom hacker scam, you should report it to both your local FBI field office and to the Bureau’s Internet Crime Complaint Center, or IC3, at ic3.gov.
Your report should include as much information as possible, starting with the name of the person or organization who contacted you.
The report should also explain how they communicated with you—whether by phone, email, or a website—and include any of those phone numbers, email addresses, or website addresses you might have handy.
Finally, if you were victimized by this scheme and sent your money to these scammers, include any bank account numbers or cryptocurrency wallets you transferred money to, along with the recipients’ names (if you have them), in your report.
* * *
The phantom hacker scam is designed to be persuasive, but you can protect yourself by staying vigilant. Here are some tips from the FBI’s Internet Crime Complaint Center:
First, don’t click on unsolicited computer pop-ups, links you receive via text messages or links in emails or email attachments.
Next, if one of these pop-ups, text messages, or emails asks you to dial a phone number, don't do it.
Third, if someone you don’t know contacts you and asks you to download software—no matter who they say they work for—don't do it.
Fourth, never hand over control of your computer to someone you don't know.
Finally, remember that the U.S. government will never ask you to wire money to a foreign account, nor will it ask you to send anyone money in the form of cryptocurrency or gift cards. If someone claims to be a government employee and asks you to do this, they're an impostor.
You can visit fbi.gov/scams to learn more about commons scams and crimes and how to report suspected incidents to the Bureau.
You can also check out ic3.gov’s library of public service announcements to educate yourself on similar schemes and learn how to safeguard your money from scammers. You can access these PSAs by visiting ic3.gov, then clicking on "Consumer Alerts" in the menu at the top of your screen.
* * *
This has been another production of Inside the FBI. You can follow us on your favorite podcast player, including Spotify, Apple Podcasts, Google Podcasts, and YouTube. You can also subscribe to email alerts about new episodes at fbi.gov/podcasts.
I’m Jennifer-Leigh Oprihory from the FBI’s Office of Public Affairs. Thanks for tuning in.
[The background music fades out.]