Don't fall victim to the new ‘billion dollar’ hack, federal agents warn

New Yorkers are on high alert after a warning about a hack that stole over $1 billion from American citizens, leading to a flurry of FBI alerts. State Attorney General Letitia James sounded the alarm, telling all New Yorkers to watch out for the three-phase scam.

The hack has been identified as the “Phantom Hacker.” According to AG Letitia James, older citizens are the major victims. In fact, according to the IC3’s latest published annual report, seniors suffered a staggering $4.885 billion worth of losses last year. This was a 43% increase from 2023.

“Phantom Hacker” scam is different from the typical tech support scam. It adds additional layers, where scammers pose as not just support staff but also as bank workers, and even government representatives, in an attempt to gain the trust of their victim and ultimately steal a large amount of money. 

Phantom Hacker’s 3 phases of the attack

The so-called “Phantom Hacker” scam is a three-pronged attack. It sees fraudsters use a combination of social engineering and technology to convince victims to give them access to funds. 

The attack begins with a malicious, urgent lure to have the victim place a phone call. The victim receives a call, text, email, or pop-up window instructing them to contact a customer support phone number urgently.

During the call, the victim is talked into downloading a software program that gives the scammer remote access to the victim’s computer. The hackers use the excuse of checking for malware on the victim’s device.

The hacker then instructs the victim to check their bank accounts while they’re on the line. They use the software installed to watch the victim secretly. This lets them know where your money is, priming the attack for the second phase.

Finally, the victim receives a call that is manipulated to sound like the bank where the victim’s most lucrative account is held. They are told to move their money to a safe account to stop the “phantom hack.” However, the new account belongs to the real hacker or the person who conducted the hack. 

In addition, the scammer tells the victim not to inform anybody of the real reason why they are moving their funds. All banks and financial institutions stress that they will never do this. 

The optional third phase is an email, letter, or call from a “US government agency,” legitimizing what you’re being told to do. Throughout the process, the scammers emphasize to the victim that their funds are not safe unless they are moved to an account under their protection. 

Smartphone users should never call numbers in pop-ups, emails, or texts. 

People are always advised never to download apps or software during tech help or customer service calls. Now the newest advice for smartphone users in New York and everywhere else is to never call any numbers they see in these pop-ups, emails, or texts.

According to AG  Letitia James, hackers can’t start the attack if victims don’t call the number. Instead, when a pop-up or message appears, log in to your account normally and check that everything is as it should be.

Citizens can also call customer assistance using your app or a number that is easy to find. Don’t use an AI chat assistance to look up the number. Look for it yourself.

Get seen where it counts. Advertise in Cryptopolitan Research and reach crypto’s sharpest investors and builders.