--- title: "Beware of Phantom Hacker Scams: Warns FBI | Phish Protection" description: "Beware of Phantom Hacker Scams: Warns FBI https://media.mailhop.org/phishprotection/images/2025/09/Beware-of-Phantom-Hacker-Scams-Warns-FBI." image: "https://phishprotection.com/og/blog/beware-of-phantom-hacker-scams-warns-fbi.png" canonical: "https://phishprotection.com/blog/beware-of-phantom-hacker-scams-warns-fbi/" --- Quick Answer by Phishing Protection https://media.mailhop.org/phishprotection/images/2025/09/Beware-of-Phantom-Hacker-Scams-Warns-FBI.mp3 The FBI has warned Americans about a three-phase cyber scam known as the Phantom Hacker Scam. Threat actors are employing a three-phase hacking strategy to gain unauthorized access to the financial accounts of their victims. The primary targets of the Phantom Hacker scam are mainly elderly individuals nearing retirement age. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fbeware-of-phantom-hacker-scams-warns-fbi%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Beware%20of%20Phantom%20Hacker%20Scams%3A%20Warns%20FBI&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fbeware-of-phantom-hacker-scams-warns-fbi%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fbeware-of-phantom-hacker-scams-warns-fbi%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fbeware-of-phantom-hacker-scams-warns-fbi%2F&title=Beware%20of%20Phantom%20Hacker%20Scams%3A%20Warns%20FBI "Share on Reddit") [ ](mailto:?subject=Beware%20of%20Phantom%20Hacker%20Scams%3A%20Warns%20FBI&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fbeware-of-phantom-hacker-scams-warns-fbi%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2025/09/cyberattack.jpg) ##### Beware of Phantom Hacker Scams: Warns FBI by **Phishing Protection** ``` ``` The[FBI has warned](https://www.cbsnews.com/news/fbi-warns-elder-fraud-crime-rates-rising-scammers-steal-billions-each-year/)Americans about a three-phase cyber scam known as the Phantom Hacker Scam. Threat actors are employing a three-phase hacking strategy to gain**unauthorized access**to the financial accounts of their victims. The primary targets of the Phantom Hacker scam are mainly elderly individuals nearing retirement age. The three-phase strategy is used by cybercrooks to earn the trust of the victims so that later they can wipe out their**bank accounts**conveniently. It is because of this element of zero susceptibility that victims often lose their life savings or retirement funds to the Phantom hacking attacks. ![Cyberattack](https://media.mailhop.org/phishprotection/images/2025/09/cyberattack.jpg) ### **Phantom hacker scam** This three-pronged cyberattack has so far resulted in a loss of over[$1 billion](https://www.foxnews.com/us/fbi-warns-seniors-about-billion-dollar-scam-draining-retirement-funds-expert-says-ai-driving)in America since 2024\. Most of the victims of Phantom hackers are over 60 years old, who have one or the other personal interests and love to flaunt them on**social media platforms**. For example, some of the victims were vintage car fans, while others were antique watch enthusiasts. [Phantom hackers](https://www.consumeraffairs.com/news/fbi-renews-warning-about-phantom-hacker-scam-072525.html)do not merely rely on phishing emails or phone calls to break into your**financial accounts**. Rather, based on research, technology, and a streamlined process in place, the threat actors manage to rob unsuspecting individuals effortlessly. ![Key Statistics Anti Phishing Protection](https://media.mailhop.org/phishprotection/images/2025/09/Key-Statistics-Anti-Phishing-Protection.jpg) ### **Phase 1: Tech support impostor** This is the first phase of the Phantom hacking scam, where a[tech support](/phishing/latest-tech-support-scams-involving-phishing-attacks)impostor contacts the victim via text messages, malicious emails, or a phone call. This initial contact is designed to direct naive victims to download**specific programs**, which will enable cybercriminals to gain remote access to the victim’s computer. ![Bank scam](https://media.mailhop.org/phishprotection/images/2025/09/bank-scam.jpg) Once this is done, the hacker will pretend to go through the device for virus scanning . Next, the threat actor asks the victim to open their financial accounts and “determine whether there have been any unauthorized charges.” During this step, the hacker selects a financial account to target later and then ends the call with the victim, telling them that they will get a call from the “**fraud department**” of their bank. ### **Phase 2: Fake call from a financial institution** This step involves a[threat actor](/phishing-awareness/find-out-about-the-latest-case-of-threat-actors-utilizing-phishing-as-a-service-to-steal-120000)who connects with the victim over a phone call, pretending to be from the bank or financial institution where the victim has an account. This impostor claims that the funds in the victim’s account have been “**accessed by a foreign hacker**” and that the bank needs to move the funds to a safe and secure third-party account. Next, the victim is instructed to use wire transfer,[cryptocurrency](/announcements/cybersecurity-updates-for-the-week-28-of-2023), or even cash to move the funds to the “safe” account within the next couple of days through**multiple transactions**. ![Cyber security](https://media.mailhop.org/phishprotection/images/2025/09/cyber-security.jpg) ### **Phase 3: Government agency impersonation** This is the last blow of the [three-pronged attack](https://www.ojp.gov/ncjrs/virtual-library/abstracts/importance-three-pronged-attack-corruption-and-assessment-its), where a scammer poses as a US government employee and approaches the victim over a phone call in order to compel them to move their “unsafe” funds to a “safe” account for**security purposes**. This call is done to legitimize the previous call and gain the final trust of the victim. In case the victim seems a little suspicious, the threat actor even sends a follow-up letter while impersonating official government letterhead. ### **Impact of Phantom hacking on victims!** According to Pete Nicoletti, the[Chief Information Security Officer](/resources/cyber-security-certifications-it-network)at Check Point, the Phantom hacking scams have proven to be “ severely devastating ” to their victims. The majority of these victims are retired individuals or those nearing retirement age. They don’t have enough digital knowledge, and they also have a certain amount of funds secured in their bank accounts. This is what makes them a valuable**target for the cybercrooks**. ![Phantom hacking info](https://media.mailhop.org/phishprotection/images/2025/09/phantom-hacking-info.jpg) Threat actors use[artificial intelligence](https://www.usnews.com/news/sports/articles/2025-09-03/oakland-ballers-to-use-artificial-intelligence-to-manage-saturday-home-game-against-great-falls)to study the personal interests or hobbies of their targets, which helps them sound more convincing and genuine when approaching victims. ### **How to protect yourself from Phantom hackers!** Staying vigilant is the number one strategy to safeguard your savings from the prying eyes of the Phantom hackers . Also, staying well-informed about**cybersecurity mechanisms**is yet another strategy that you and your loved ones should follow. You must also practice strong[phishing protection](/)by avoiding giving remote access to anyone who calls you unexpectedly. If someone asks you to move your funds to a third-party account while claiming to be from your bank or a**government agency**, hang up immediately. Then, contact your bank directly using the official number listed on your bank statement to verify the situation safely. Nicoletti believes that families must sit down together at dinner and discuss cybersecurity and Phantom hacking scams. He further adds that the chance of the victims[getting their money back](https://www.yahoo.com/news/articles/fbi-cybersecurity-experts-warns-3-120000759.html?guccounter=1)is merely 10%-15%, that too, if they manage to inform the concerned authorities on the same day of the**cyber mishap**. ## Topics [ Phishing Awareness ](/tags/phishing-awareness/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Foundational 5m 0ktapus, Okta Breach Helps Attackers Launch Sophisticated Supply Chain Attacks Sep 5, 2022 ](/blog/0ktapus-okta-breach-helps-attackers-launch-sophisticated-supply-chain-attacks/)[ Foundational 14m 12 Real-World Spear Phishing Examples And The Red Flags You Missed Feb 4, 2026 ](/blog/12-real-world-spear-phishing-examples-and-the-red-flags-you-missed/)[ Foundational 2m 8 million Android users fell prey to SpyLoan malware on Google Play Store Dec 5, 2024 ](/blog/8-million-android-users-fell-prey-to-spyloan-malware-on-google-play-store/)[ Foundational 1m A Big Part of the Phishing Problem is You Sep 17, 2019 ](/blog/a-big-part-of-the-phishing-problem-is-you/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"Beware of Phantom Hacker Scams: Warns FBI","description":"Beware of Phantom Hacker Scams: Warns FBI https://media.mailhop.org/phishprotection/images/2025/09/Beware-of-Phantom-Hacker-Scams-Warns-FBI.","url":"https://phishprotection.com/blog/beware-of-phantom-hacker-scams-warns-fbi/","datePublished":"2025-09-04T06:00:29.000Z","dateModified":"2026-04-17T16:29:18.000Z","dateCreated":"2025-09-04T06:00:29.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/beware-of-phantom-hacker-scams-warns-fbi/"},"articleSection":"foundational","keywords":"Phishing Awareness","wordCount":904,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2025/09/cyberattack.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://phishprotection.com/foundational/"},{"@type":"ListItem","position":4,"name":"Beware of Phantom Hacker Scams: Warns FBI","item":"https://phishprotection.com/blog/beware-of-phantom-hacker-scams-warns-fbi/"}]} ```