When the FBI issues a public service advisory, you’d be well advised to take note, in my never humble opinion. Whether the subject of that cybersecurity alert is an attack on routers, the latest ransomware threat warning, or involves a password-stealing, 2FA bypass. Of particular note, however, are the FBI warnings that relate specifically to smartphone users, given how ubiquitous the things are now. The latest has just been posted to the X, formerly known as Twitter, social media platform by the FBI Los Angeles, which warns that a series of phantom hacker attacks can see smartphone users losing their life savings. Here’s what you need to know and do.
The FBI Phantom Hacker Warning
A July 15 posting to X, by the official FBI Los Angeles account, served to remind all smartphone users, be they of the Android or iPhone persuasion, to beware of so-called Phantom Hackers scams. These are the FBI warning outlined, “where cyber criminals use a 3-prong attack against victims using tech support, financial institution, & government impersonation scams simultaneously.” The payout, if successful? Your life savings.
That posting actually references a much older threat, one that was first flagged by the FBI public service announcement, alert number I-091223-PSA, way back in September 2023. Nothing, however, has changed since then, and the fact that the FBI has seen fit to bring the scam back into the public consciousness now should be all the warning that you need to take it very seriously indeed.
So, what is a Phantom Hacker scam? Simply put, the FBI explained that the attack layers “imposter tech support, financial institution, and government personas” in an effort to engender trust in the victim as well as to “identify the most lucrative accounts to target.” Should you be on the end of such an attack, the FBI warned, victims face “the loss of entire banking, savings, retirement, or investment accounts under the guise of protecting their assets.”
The three-phase attacks comprise:
- A call from a scammer posing as a customer or tech support informing the victim that they might have been subject to unauthorised financial charges. This involves directing them to a link to download remote software, open bank accounts, and then advising them that someone will be in touch from the bank fraud department.
- The second imposter then contacts the victim, with information that
“their computer and financial accounts have been accessed by a foreign hacker and the victim must move their money to a safe third-party account, such as an account with the Federal Reserve or another U.S. Government agency.”
- Phase three involves the final imposter, the so-called government representative from the Federal Reserve, who provides details of the account to which the funds should be transferred.
The FBI has requested victims should report these activities to their local FBI field office and the FBI IC3 at www.ic3.gov.