FBI, cybersecurity experts warn of 3-phase scam that is draining bank accounts

Aaron Rose, security architect manager at cybersecurity firm Check Point Software, told Nexstar in an email that the crooks often use victims’ personal interests against them. Fans of vintage cars, antique watches or other items might post publicly on social media, making them vulnerable to bad actors.

“Criminals use personal interests to make their criminal actions appear authentic which decreases the chances of being caught,” Rose said, adding, “AI technology can analyze social media content to detect personal interests and life milestones which allows it to generate messages that seem personalized.”

Since 2024, the scam has reportedly been used to steal over $1 billion in funds, with the majority of victims being at least 60 years old, according to FBI data.

“These attacks are not just simple phone calls or phishing emails—they’re complex operations that involve multiple impersonators, spoofed phone numbers, and coordinated follow-ups,” Scott Davis, chairman of the Cybersecurity Association of Pennsylvania, said in a recent interview. “Seniors are being tricked into believing they’re protecting their money, when in reality they’re handing it straight to criminals.”

While pretending to work in tech support for a legitimate company, the scammer will use a phone call, text, email or pop-up window to contact the victim.

Once the victim calls for tech support help, the scammer instructs them to download a program giving access to the victim’s computer. After pretending to check the device for viruses, the scammer will then suggest the victim open financial accounts to look for unauthorized charges.

After choosing an account to target, the scammer tells the victim to wait for a call from the “fraud department” of the bank or institution holding the funds.

The next phase begins when a scammer, posing as an employee of a well known financial institution, calls the victim to inform them that their account has been hacked by someone overseas.

The only way to keep the money safe, the scammer says, is to move it to a third-party such as the Federal Reserve or a U.S. government agency, according to the FBI. The scammer helps organize the transfer, which is often broken into several transactions and may happen by wire, cash or crypto.

In an effort to legitimize the prior two phases, a scammer may impersonate an employee of the Federal Reserve or another agency.

If the victim starts to get suspicious, the scammer may send a follow-up letter using what appears to be official government letterhead, with the goal of convincing the victim that their funds continue to be “unsafe” and must be moved.

Experts say there are a number of steps to take to safeguard yourself against the Phantom Hacker scam, tips that you should also share with family members and other loved ones who might be at risk.

“The simplest advice is the most important: never give remote access to your computer if someone calls you unexpectedly,” Rose said. “Do not move your money just because a caller says they are from your bank or the government. Hang up, call the number printed on your bank statement, and verify the situation for yourself.”

If you find yourself unsure of what to do, end the call and talk to someone you trust before taking any action, Rose said.

“Scammers rely on secrecy and pressure,” according to Rose. “Breaking that pattern by taking a step back and checking with someone else – a friend, family member, or official from your bank or local law enforcement agency – is often the best defense.”

The FBI encourages anyone who is the victim of a crime to contact the local field office or file a report at tips.fbi.gov. If the crime is internet-based, file a report with the Internet Crime Complaint Center (IC3).

Who are these maroons who fall for this?

The same ones who vote Republican.

So many people are falling for these schemes... it does so happen that the most recent person I know who fell victim actual is a fairly wealthy republican and ardent Trump supporter, over 80 years old and now essentially penniless.

A friend of mine fell for something like this.

It was a fake Amazon charge. She called the number on the email instead of checking her Amazon account first.

They talked her into buying crypto which they then stole. She was out about $200.

I asked her what she was thinking and why she just didn’t ignore the email. She said one of her grandkids has access to her Amazon account and she figured he had done something. She said she knew better than to call a number from an unsolicited email, but it scared her.

Of course, as soon as they had her on the phone, it was all over.

You have to be constantly vigilant because these scammers are everywhere

I get a lot of “fraud alert” texts and phone calls from banks I don’t have accounts with.

With AI and being able to spoof phone numbers. It’s understandable old people are getting scammed.

I have to pay monthly for a spam filter and even that doesn’t get rid of everything.

A scammer called me from (the spoofed number of) my bank, had the details of my deposit that morning (including the check the atm hadn’t let me deposit) and then said someone had skimmed my password and was trying to Zelle themselves money in Indiana. Thank goodness for me I guess that I couldn’t access my bank account at that moment because I was having a work crisis at the same time. These scammers are incredibly sophisticated.

Most impressive lately was a scammer on my *work^ email telling me to click here to access my full 2025 Performance Review… right at the time everyone’s annual performance reviews were being conducted across our organization.

The scammer did it to the entire org and tricked about 15% of us, uploading malware etc. I came within a second of being one of them.

You definitely don’t have to be politically Trumpy to fall for these, and they’re getting ever more creative. Any combo of old age, naïveté, distractedness or fatigue/sleep deprivation will do it.

Never take communications from a bank or a company. Call them directly and inquire about it, if it was legitimate then you can handle it that way, if it isn’t legitimate you can report the scam and then block the number that called you. The only reason my bank will call me is to ask yes/no to confirm that I made a transaction. No company or bank will ever contact you regarding your account details. This is a lot more obvious than the scam ElderLez described.

Soon it will be impossible to tell becasue they will be able to spoof legit websites. AI is more likely to bring down the whole tech economy than move it to a new level.

And with massive cuts to CISA and redirecting FBI to hunting down construction workers and cleaning women, you’re mostly on your own.

And of course with those Republicans they love to vote for, everything is going to be deregulated. Good luck!

I never answer my phone.

Problem solved!

Not to mention closing actual social security offices.