What is a Phantom Hacker scam, and how can you avoid this apparition?


A new kind of scam that uses multiple actors to steal money is making the rounds. Educate yourself and your loved ones to help avoid falling for this fake threat.

There’s a city overseas that's famous for its incredible architecture and art, and only slightly lesser known for the pickpockets and thieves that work in the tourist areas.

Ask your friends or locals, and you might hear about all the tricks and ploys criminals use to distract, confuse, misdirect, and steal. One ploy has become the stuff of legend.

While you’re out, a person claiming to be an undercover police officer walks up and asks to see your ID. But before you can act, a second person approaches and shows a real badge. That person identifies themselves by name and explains they’re cracking down on police impersonators in the area. At some point, the officer asks to see your ID. While you’re off guard, both actors grab your wallet and your bag and run.

It's brazen, it’s ugly, and with multiple actors involved, it’s easy to see how someone could fall for it.

And, it’s very similar to the Phantom Hacker scam – a new ploy where fraudsters play multiple roles pretending to be people trying to help you. Each new person is just an apparition.

Phase 1: The tech support call

The first step for this style of fraud happens when a scammer makes contact masquerading as a tech or security representative. The scammer might call the victim, or they might trick the victim into calling the number from a convincing email or other message. However they’re connected, the initial script follows a similar format.

A very convincing voice tells the victim that they represent a recognizable software or service company, and their company detected a likely hack on the victim’s computer. The person on the phone wants to help, and they direct their target to download software that will help detect and remove any potential malware.

Of course, the software the fraudster directs the victim to download is the malware. Now the scammer can see everything on the victim’s computer and might even direct the target to visit their financial websites (while the scammer watches) to learn the names of financial institutions, account information, and which accounts have the most money to take.

In other scams, this is the last step. Once a scammer can access a computer, they can attempt to steal passwords, account information, or even try to install ransomware. But the growing use of antivirus, password vaults, and account monitoring is making this much harder.

Wouldn’t this all be easier if the victim would just send the scammer all their money?

That’s why there’s a Phase 2.

Phase 2: Your bank has detected fraud

At the end of the first phase, the supposed tech support representative tells the victim that they’re reporting the issues to the security department of their financial institution. The target should expect a call from the bank the next day.

Sure enough, the next day, the victim receives a call. This time it’s a second fraudster who identifies themselves as a representative of their financial institution, and they’re able to confirm plenty of information to prove who they are—because the scammers got that information by watching the screen in Phase 1.

Once they have the victim’s confidence, the scammer tells the person that their accounts have been accessed by foreign hackers. The threat is coming from overseas and, as the fraudster tells their target, it’s difficult to stop this fraud because foreign governments don’t always cooperate. The thief advises their victim that the best thing to do is to move their money out of their accounts for safekeeping.

And the best way to do so, the scammer claims, is to move the money to a third-party account protected by the Federal Reserve or another government agency.

Phase 3: The government calls

In the last phase, the scammers take the guise of the hero—coming in at the end to save the victim (and run with their money).

Now, the scammers contact their targets claiming to be government officials who will help the victim move all their money out of their account to “safety.” They guide the victim down the path for making wire transfers or purchasing cryptocurrency—or any other means of cleaning out a person’s bank, credit card, and retirement accounts.

If the person hesitates, the fraudsters pressure the victim by telling them their money is unsafe and that they can’t be protected if they don’t act, while assuring them they’re working in their best interests. In some cases, the scammers have even sent mail on official-looking letterhead to help convince victims of their legitimacy.

If the scammers prevail, the victim voluntarily moves their money right into the hands of the criminals.

Earmarks of multi-actor scams, and how to help stay protected

Like my friend’s example of a street hustle, a fraud can be very powerful when more than one criminal is working in concert. One actor provides a distraction, the other picks your pockets.

The Phantom Hacker works similarly in that multiple actors are providing a scenario that is somewhat true—someone is trying to steal from you. But each new player in their game presents themselves as the hero, hoping you’ll put your trust in them and fall for their scam.

What are some ways to be your own hero, and prevent falling victim to this scam?

  • Make your own phone calls
    One of the best ways to avoid falling victim to this scam is to stop listening to the people on the phone right away. Ignore the numbers they give you and look up the numbers of the companies they claim to represent yourself, either online or from their official mail. If you think there’s a fraud, call those companies directly, ask to speak to the fraud department, and they will tell you if a threat is real or not.

  • Never download software from a phone call
    Or a pop-up ad, or an email that alerts you that your account has been hacked. No company you do business with installs software through pop-ups, and no email informing you that your account is under threat asks you to download programs. As above, use only official phone numbers and official email addresses to find out whether you’ve been a fraud victim.

  • Never move money at a stranger’s request
    The U.S. Government will never ask you to pay for anything via wire transfer, gift cards, or cryptocurrency. In fact, most companies will never ask you to pay via these means. In any situation, someone putting time-pressure on you to move money via wire transfer should set off the alarms.

  • Maintain healthy skepticism
    Always keep your guard up online. Look at the return email addresses when you see supposed “fraud detected” emails. Check the caller ID when your phone rings, and be ready if someone tells you over the phone that you’re in danger. You’re in control: you can hang up, delete the email, and contact the businesses you work with yourself.

The Phantom Hacker scam is a complex and elaborate scheme that preys on the vulnerability of others. By employing multiple actors and creating a sense of urgency through an elaborate set of steps, the scammers are able to convince unsuspecting victims to hand over their hard-earned money.

However, by remaining vigilant, following simple security protocols, and maintaining a healthy dose of skepticism, you can protect yourself from falling prey to this and other scams. And remember as always, if something sounds too good to be true, it probably is.

Clare Stouffer, a Gen employee, is a writer and editor for the company’s blogs. She covers various topics in cybersecurity.

Editorial note: Our articles provide educational information for you. Our offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about Cyber Safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses. The Norton and LifeLock brands are part of Gen Digital Inc. 

