Trending:

Visit figfcu.org

Money Matters

Your Credit Union Newsletter

Money Matters by Farmers Insurance Federal Credit Union
You are at:»»The “Phantom Hacker” Playbook—And How to Shut It Down
Man in a black hoodie behind a computer screen.

The “Phantom Hacker” Playbook—And How to Shut It Down

0
Posted on Fraud Tips

By Voung H.
Voung oversees AML/BSA, fraud prevention, and sanctions compliance and is responsible for building data-driven controls and partners across the FIGFCU to safeguard Members and stop emerging threats.

Summary

  • The Phantom Hacker scam involves many individuals in a coordinated attack
  • Scammers may ask for remote access, pressure you to move your money, or tell you to keep their conversations with you and the actions you take a secret
  • Never grant access or move money if asked, always verify info, and use layered security
  • Contact the FBI if you’ve been a victim of a Phantom Hacker attack

The FBI recently sent out an alert about a multi-step con that’s draining Americans’ nest eggs—especially people nearing retirement. The “Phantom Hacker” scam doesn’t rely on a single scary encounter; it strings together coordinated impersonations to trick you into “protecting” your money by handing it over to the scammer. If you’re unfamiliar with the Phantom Hacker scam, keep reading to learn how it works and the simple things you can do to shut it down.

Why is this scam is so convincing?
Posting on social media is a great way to connect with family and friends, as well as others who share your interests. However, public posts about hobbies—such as classic cars, vintage watches, and collectibles like coins and cards—become bait for fraudsters. Tools powered by AI can mine social media for interests and milestones, then create messages that feel custom-written just for you. Add spoofed caller IDs (phone numbers that look like they’re from a trusted source), official-sounding terminology, and tight choreography, and the scheme feels authentic. Since 2024, losses due to Phantom Hacker scams have topped half a billion dollars, with the majority of victims being aged 60 or older.*

The three-act fraud.

Act 1: The fake tech support helper
The scam begins with a pop-up, text, email, or call claiming to be from the tech support department of a legitimate company. The “agent” urges you to install remote-access software on your computer so they can “remove malware” or other suspicious technology. Here’s what’s really happening. If you install the software, you’re giving the scammer an open door to your computer and all of your information. After a theatrical scan, the scammer will tell you to check your bank or investment accounts for “unauthorized activity,” priming you for the next bad actor in the scam.

Act 2: The pretend financial institution fraud team
Soon after they access your computer, a second impostor—this time posing as your bank, credit union, or brokerage firm—contacts you. They warn that foreign hackers have accessed your accounts and say that your funds are at imminent risk of being stolen. Their “solution” is to move your money to a safe location, such as an account with the Federal Reserve or another government agency. The truth is, they are having you move your money to their account. They may ask you to split up and route the funds by wire, cash, or cryptocurrency to avoid detection.

Act 3: The bogus government imposter.
To cement the illusion, a third caller claims to be from a U.S. agency (often the Federal Reserve). They may send convincing documents with copied U.S. government logos and letterhead to legitimize the scam, insisting your funds remain unsafe until transferred to their fake government account. Every step is designed to frighten you, make you feel you must take immediate action, and isolate you from friends and family.

Red flags to look out for.
Here are a few warning signs that indicate someone is trying to deceive you:

  • Anyone asking for remote access to your computer out of the blue is suspicious and potentially a fraudster.
  • Being pressured to move money for safety to a “holding” or “government” account is a false claim.
  • Spoofed numbers that look like your bank’s phone number on your caller ID.
  • Instructions to keep the conversation secret or ignore family and bank employees.

Simple rules that stop the scam in its tracks.
If you think it’s fraud, stop, take a breath, and take positive action to protect yourself.

  1. Never grant remote access to a stranger who contacts you. End the encounter; power off your computer or phone if needed, or hang up your phone. Do not click on any unsolicited pop-ups, links sent via text messages, or email links or attachments.
  2. Don’t move money because someone on the phone or a pop-up told you to. Legitimate institutions WILL NOT ask you to transfer funds to “safe” third-party accounts.
  3. Hang up and verify using a trusted number (the one on your bank card statement or legitimate website). Call back on your own phone, not via a link or number provided by the caller.
  4. Break the secrecy. Talk to a spouse, adult child, friend, or branch manager before taking any action. Scammers thrive on isolation and urgency.
  5. Limit your digital footprint. Make your social media private; think twice before posting about your interests, purchases, or travel in real time.
  6. Use layered security. Enable account alerts, multifactor authentication, and strong, unique passwords. Keep your devices updated and protected with reputable security software.

What to do if you think you’ve been targeted (or already sent money).
In the event you have been scammed, please do the following:

  • The FBI asks that you report these fraudulent or suspicious activities to your local FBI field office and the FBI’s Internet Crime Complaint Center (IC3) at www.ic3.gov. Quick reporting improves recovery chances and helps protect others.
  • Notify law enforcement. If you feel you’ve been a victim of a crime, notify your local law enforcement immediately.
  • Stop contact immediately. Disconnect remote sessions, hang up, and block numbers.
  • Call all your financial institutions using a published number to freeze or flag accounts and attempt recalls. Our phone number is 800.877.2345.
  • Change passwords and PINs on affected accounts and email. This includes your email passwords, social media passwords, etc. Review our recent blog about the benefits of regularly changing your PIN.
  • Tell your social circle. Share what happened with family, friends, and colleagues—awareness prevents the next loss.

Final thoughts.

The “Phantom Hacker” scam is effective because it appears real and happens in stages that gradually build trust. Your best defense is simple: Refuse remote access, never transfer funds on command, verify through official channels, and involve someone you trust, like us. A calm pause and one independent phone call can preserve a lifetime of savings.

REMEMBER: WE WILL NEVER CALL OR TEXT YOU ASKING FOR YOUR PRIVATE INFORMATION, SUCH AS YOUR SOCIAL SECURITY NUMBER, ACCOUNT, OR CREDIT CARD NUMBER, USERNAME, PASSWORD, ONE-TIME PASSCODE, ETC., OVER THE PHONE OR COMPUTER UNLESS YOU INITIATED THE CALL DIRECTLY TO FIGFCU.

If you receive a call from someone claiming to be a Credit Union employee and they ask for your account information (such as your online banking username, password, one-time passcode, credit card number, account number, etc.), do not give them any information. Even if the caller has an identifying piece of information or the call appears to be from our 800 number. This call is NOT legitimate. Scammers can spoof phone numbers to make it appear that the call is coming from a trusted source. The Credit Union will not call you and ask for this information. Hang up and contact us directly at 800.877.2345.

*Internet Crime Complaint Center (IC3). “”Phantom Hacker” Scams Target Senior Citizens and Result in Victims Losing their Life Savings.” 29 September 2023. Accessed 7 October 2025.

Share this article

Related Posts