What the phantom hacker scam is and why everyone should be scared

Halloween is still a few weeks away, but the FBI has already warned of one spooky-sounding horror that is just as scary as it sounds: the phantom hacker scam.

The FBI’s public service announcement states that this is a nationwide scam and significantly impacts older citizens. However, the lessons to be learned are of equal relevance to individuals and businesses around the world.

What is a phantom hacker scam?

The phantom hacker scam isn’t new. Indeed, it’s based on the same tech support fraud model that has been conning individuals and businesses out of money for over a decade. “Between January and June 2023,” the FBI announcement states, “19,000 complaints related to tech support scams were submitted to the FBI Internet Crime Complaint Center (IC3), with estimated victim losses of over $542 million.”

Of course, as more people become aware of the infamous Microsoft Tech Support fakers, the scammers need to evolve to keep scamming. The phantom hacker scam is just such an evolution and comes in two or three phases.

How a phantom hacker scam works

A phantom hacker scam starts with an initial technical support contact via email, telephone or text, informing the ‘mark’ that they need to call a direct support number.

This gives the fraudster an opportunity to convince the user to download remote access software so the supposed technician can check for any suspicious activity. The final part of this first phase involves getting the user to open their banking account to look for unauthorised charges and informing them that someone from the bank will call right back.

Enter the fraudulent person from the bank or brokerage and the start of phase two.

This is where the scammer confirms the device and related account have been compromised by a hacker. Balances must be moved to a “safe” third-party account. Scammers might claim this belongs to government, law enforcement or a financial institution.

In reality, of course, it will belong to the attackers themselves. Your friendly scammer will say they intend to trick the hacker, so you must not tell anyone and follow all instructions carefully.

The final act of this fraudulent trilogy kicks in if the first two don’t convince the victim to cooperate. A scammer posing as a law enforcement or government agency will get in touch to continue the narrative that monies need to be moved to an ‘alias’ account to protect the user while entrapping the phantom hacker.

Lessons for small business owners

The smallest businesses often have little to no cybersecurity budget and a similar amount of real-world threat protection. This makes them just as much low-hanging fruit as older citizens. And if you think you’re too knowledgeable to be tricked, think again: these scammers have amazing persuasive skills backed by a proven methodology.

The good news? The same tech support scam mitigation advice applies just as well to small business owners as it does to members of the public.

First: trust nobody, question everything. A technician from an organisation you have no contract with will not call you out of the blue. If you have a tech support contract, then contact methods will be well established to ensure validity. Nor will a bank or government agency randomly contact you about a potential hacker in your system.

If you suspect there may be something in the narrative that is being spun, then turn the tables. Ask for a reference number and contact name, then tell the caller/emailer/texter that you will call them back.

Here’s a list of handy things to NEVER DO:

  • Never click on a link they have provided, or call a number given by them. Instead, use a search engine (or existing, genuine correspondence) to determine a real contact number for the organisation.
  • Never download software that you’re asked to install by someone unknown to you. Period.
  • Never share credentials or sensitive financial data with anyone. Being asked to do so is a massive red flag and should be recognised as such.

There’s a line from the Phantom of the Opera musical that goes: “Promise me that all you say is true, that’s all I ask of you.” If only real life were that simple, especially under duress, but being forewarned can help you and your employees stay safe from this kind of scam.

Davey Winder

With four decades of experience, Davey is one of the UK's most respected cybersecurity writers and a contributing editor to PC Pro magazine. He is also a senior contributor at Forbes. You can find him at TechFinitive covering all things cybersecurity.