Scam Checker
Back to all scam alerts and blog posts

The 'Phantom Hacker' Scam: Fake Bank and Tech-Support Calls That Drain Savings

By Published Reviewed by Shubham Singla
  • scam alert
  • phone scam
  • tech support scam
  • bank impersonation
  • imposter scam

Disclaimer: This post is for informational purposes only and does not constitute legal or financial advice. If someone is pressuring you to move money to a "safe account," stop, hang up, and call your bank on the number printed on your card.

A scam the FBI has named the "phantom hacker" is quietly emptying retirement and savings accounts — and it's especially dangerous because it doesn't feel like a single con. It arrives as three separate, polite, professional phone calls, each one "confirming" the last, until the victim is convinced their money is under attack and the only safe thing to do is move it. By the time they realise the truth, the savings are gone. If you ever get a call about fraud on your account, you can sanity-check the number and the story against our scam phone number checker before you do anything.

What is the phantom hacker scam?

The phantom hacker scam is a layered impersonation con that unfolds in three stages: a fake tech-support contact, then a fake bank or brokerage call, and finally a fake government official. Each "agency" pretends to help you defend against a hacker who doesn't exist — the "phantom" — while steering you toward wiring or transferring your entire balance to an account the criminals control. The FBI's Internet Crime Complaint Center (IC3) has warned that older adults are the primary targets and that losses are frequently life-changing.

Example scenario

Here's a realistic composite scenario based on patterns reported to the FBI's IC3 and the FTC:

"A pop-up froze my laptop with a warning and a phone number for 'support.' The man who answered was calm and helpful. He had me install a program so he could 'scan' my computer, then told me hackers from overseas had gotten into my bank. He transferred me to the 'bank fraud department.' That second person knew my name and confirmed the breach, and said the only way to protect my money was to move it to a 'secure federal account' while they fixed my real one. A day later a third person called saying he was from a government agency and the transfer was approved. I moved almost everything. There was no hacker. There was no secure account. It was the same group the whole time."

This is a realistic example built from common reports — not a single real person's story.

How this scam works

The scam is engineered so each layer makes the next one more believable:

  1. The tech-support imposter (the way in). It starts with a pop-up, an email, or a text claiming your device or account has a problem, with a number to call. The "technician" persuades you to install remote-access software — handing them a live view of your screen and, crucially, your bank balances. Now they know exactly how much you have.
  2. The bank/brokerage imposter (the fear). You're "escalated" to someone claiming to be your financial institution's fraud team. They cite the balances they just saw on your screen as proof they're legitimate, then tell you a foreign hacker is draining the account and you must act immediately.
  3. The move-your-money instruction (the theft). You're told to wire, transfer, or even convert funds to crypto or gold, and send them to a "safe" account for protection. You may be coached to lie to your own bank about the reason, so a teller's fraud warning doesn't stop you.
  4. The government imposter (the seal of approval). If you hesitate, a third caller posing as a federal agency "confirms" the operation is official and urges you to keep it confidential. This added authority is designed to override the doubt that naturally creeps in.

Every layer reinforces the others, which is what makes the phantom hacker scam so much more convincing than a single cold call. As the FTC notes about phone scams, the constants are pressure, secrecy, and an instruction to move money in a way that's hard to reverse.

Who is being targeted

The IC3 reports that the heaviest losses fall on older adults, particularly retirees with significant savings, because the payoff per victim is large and the funds are often liquid. But the playbook works on anyone who:

  • Reacts to a scary pop-up or "fraud alert" by calling the number it provides.
  • Trusts a caller who already seems to know account details (which the remote-access step quietly supplied).
  • Believes that "moving money to a safe account" is a real fraud-protection step. It is not — no legitimate bank or government agency will ever ask you to do this.

Red flags to watch for

🚩 An unsolicited contact about a "hacker" or "breach" on your account. Real institutions don't open with a dramatic warning and a number to call back.

🚩 Being asked to install remote-access or "support" software. This hands over control of your device and a view of your finances.

🚩 A call that gets "transferred" between tech support, your bank, and a government agency. That chain is the signature of this scam.

🚩 Any instruction to move, wire, or convert money to a "safe," "secure," or "federal" account. This is the single biggest tell — and always a scam.

🚩 Pressure to keep it secret or to mislead your own bank. Legitimate fraud teams want you to talk to your bank, not hide from it.

🚩 Urgency, isolation, and unusual payment methods — crypto, gold, wire transfers, cash couriers.

What to do if you're contacted

  • Hang up and verify independently. Don't call back the number from a pop-up or text. Call your bank using the number on your card or statement, and check the caller against our scam phone number checker.
  • Never install software a caller asks for, and never let anyone you didn't contact take remote control of your device.
  • Remember the golden rule: no real bank or government agency will ever tell you to move money to a "safe account." That sentence alone means it's a scam — stop there.
  • Report it. File with the FBI's IC3 and the FTC's imposter-scam reporting, and tell your bank so they can watch the account.

If you already moved money

Speed matters — wires and crypto move fast, but fast reporting can still help:

  1. Call your bank immediately and ask them to attempt a recall or freeze on the transfer. The sooner you call, the better the odds.
  2. Disconnect and clean the device the "technician" accessed, change passwords from a different device, and enable two-factor authentication.
  3. Report to law enforcement via IC3 and your local police, and keep every text, number, and reference.
  4. Get a personalised recovery plan. Walk through our Have I Been Scammed? checklist, and if a caller "from your bank" asks you to move money, cross-check the tactic against our bank impersonation scams guide.

The phantom hacker scam works by stacking three trusted voices on top of a threat that was never real. The defence is one habit: when anyone tells you to move money to keep it safe, that is the moment to hang up and call your bank yourself.

Sources

External sources and references