FBI San Francisco
San Francisco Media Office
media.sf@fbi.gov
October 3, 2023
“The Phantom Hacker”: FBI San Francisco Warns Public of New Financial Scam
Victims Are Tricked Into Thinking Their Financial Accounts Have Been Hacked, and Scammers Are Stealing Their Life Savings
SAN FRANCISCO—FBI San Francisco is warning the public of a new scam dubbed “The Phantom Hacker.” Scammers are impersonating technology, banking, and government officials in a complex ruse to convince an elderly victim that foreign hackers have infiltrated their financial account. The scammers then instruct the victim to immediately move their money to an alleged U.S. Government account to “protect” their assets. In reality, there was never any foreign hacker, and the money is now fully controlled by the scammers. Some victims are losing their entire life savings.
“These scammers are cold and calculated. They are targeting older members of our community who are particularly mindful of potential risks to their nest eggs. The criminals are using the victims’ own attentiveness against them,” said Special Agent in Charge Robert K. Tripp. “By educating the public about this alarming new scam, we hope to get ahead of these scammers and prevent any further victimization.”
“The Phantom Hacker” Scam: How It Works
The FBI has observed repeated behavior by criminals involved in “The Phantom Hacker” scam. The ruse is often perpetrated in three major steps:
Step 1 – Tech Support Imposter
In the first step, a scammer posing as a customer support representative from a legitimate technology company initiates contact with the victim through a phone call, text, email, or a popup window on their computer and instructs the victim to call a number for “assistance.”
Once the victim calls the phone number, a scammer directs the victim to download a software program allowing the scammer remote access to the victim’s computer. The scammer pretends to run a virus scan on the victim’s computer and falsely claims the victim’s computer either has been or is at risk of being hacked.
Next, the scammer requests the victim open their financial accounts to determine whether there have been any unauthorized charges – a tactic to allow the scammer to determine which financial account is most lucrative for targeting. The scammer informs the victim they will receive a call from that financial institution’s fraud department with further instructions.
Step 2 – Financial Institution Imposter
In the second step, a scammer, posing as a representative of the financial institution mentioned above, such as a bank or a brokerage firm, contacts the victim. The scammer falsely informs the victim their computer and financial accounts have been accessed by a foreign hacker and the victim must move their money to a “safe” third-party account, such as an account with the Federal Reserve or another U.S. Government agency.
The victim is directed to transfer money via a wire transfer, cash, or wire conversion to cryptocurrency, often directly to overseas recipients. The victim is also told not to inform anyone of the real reason they are moving their money. The scammer may instruct the victim to send multiple transactions over a span of days or months.
Step 3 – U.S. Government Imposter
In the third step, the victim may be contacted by a scammer posing as the Federal Reserve or another U.S. Government agency. If the victim becomes suspicious, the scammer may send an email or a letter on what appears to be official U.S. Government letterhead to legitimize the scam. The scammer will continue to emphasize the victim’s funds are “unsafe” and they must be moved to a new “alias” account for protection until the victim concedes.
Victims often suffer the loss of entire banking, savings, retirement, and investment accounts under the guise of “protecting” their assets.
Tips to Protect Yourself
- The FBI recommends that the public take the following steps to protect themselves from “The Phantom Hacker” scam:
- Do not click on unsolicited pop-ups, links sent via text messages, email links, or attachments.
- Do not contact the telephone number provided in a pop-up, text, or email.
- Do not download software at the request of an unknown individual who contacted you.
- Do not allow an unknown individual who contacted you to have control of your computer.
- The U.S. Government will never request you send money to them via wire transfer, cryptocurrency, or gift/prepaid cards.
Reporting Suspected Fraud
The FBI requests victims report these fraudulent or suspicious activities to the FBI Internet Crime Complaint Center (IC3) at www.ic3.gov. Be sure to include as much information as possible, such as:
- The name of the person or company that contacted you.
- Methods of communication used, to include websites, emails, and telephone numbers.
- The bank account number where the funds were wired to and the recipient’s name(s).
FBI警告 小心這種新詐騙 3步掏空你的帳戶
美國聯邦調查局(FBI)近日發布公告,提醒廣大民眾小心「幽靈駭客」(phantom hacker)騙局。這是最新的一種假冒技術人員、美國政府人員,騙取銀行存款的騙局,三步就能掏空受害人所有銀行存款或退休金。
FBI表示,這種騙局套路從以往的「技術支持」類騙局演變而來,過程更加複雜。騙子通過假裝技術支持人員、銀行職員以及政府官員,分三步套取民眾信任,並能查出受害人存款最多的銀行、退休金以及投資帳戶,將錢騙走。今年1月至6月間,美國境內有超近2萬起類似詐騙的舉報。預計受害人共損失高達5億4200萬元。超過一半的受害人為60歲以上人士。
這種騙局套路分為三步:第一步,騙子假裝是某大公司的技術客服人員,通過電話、手機短信、電子郵件或電腦彈跳窗口聯繫受害人,稱其帳戶有漏洞,需打電話來尋求技術幫助;當受害人打電話過去,騙子會讓受害人下載一個軟件,該軟件實際可以讓騙子遠程控制受害人的電腦;接著,受害人在騙子的指示下,將存款帳戶一一打開,理由是檢查是否有可疑付款紀錄;最後,騙子告知受害人,將接到銀行反欺詐部門工作人員電話,對其做更多指導。
第二步,假裝成銀行工作人員的騙子謊稱受害人的帳戶被黑客攻擊,需要將裡面的資金轉移至「安全的第三方帳戶」,例如聯邦儲備帳戶或其他美國政府部門帳戶;在騙子的指示下,受害人實際將錢最終電匯到了海外帳戶。他們可能分多次匯款,長達幾天甚至幾個月;騙子還指示受害人不要告訴任何人匯錢的真實原因。
第三步,受害人還有可能收到來自聯邦政府官員的信件或電子郵件。當然,這些都是騙子偽裝而成的。為了讓信件看起來更真實,上面往往印有政府徽章、標示;接著,這些「政府人員」會一再強調,給受害人「洗腦」稱他們的帳戶資金不安全,直到受害人相信他們的話。
為了避免成為該類騙局的受害人,FBI建議民眾:不要點擊任何不明來源的彈跳窗口,不要點擊任何來源不明的短信、電郵中的超鏈接或附件;不要聯繫任何彈跳窗口、短信、電郵中電話號碼;不要下載任何陌生人指示的軟件;不要讓任何不明人士操控你的電腦。
政府部門從來沒有也絕對不會要求民眾將財產電匯至海外帳戶。
民眾如遇到詐騙或疑似詐騙,可以向FBI地方辦公室舉報,或到其網路犯罪舉報中心(Internet Crime Complaint Center,簡稱IC3)舉報,網址為:https://www.ic3.gov/
发表回复