Older adults across the United States are losing entire retirement accounts to a scam that deploys not one, but three successive impersonators, each building on the trust established by the last. The FBI has formally identified this scheme as the “Phantom Hacker” scam, a three-phase operation in which callers pose first as tech support, then as a bank or brokerage representative, and finally as a U.S. government official. The layered approach is designed to overwhelm skepticism at every stage, and the agency warns that victims often do not realize they have been defrauded until their savings are gone.
How three fake callers drain accounts faster than one
The core danger of the Phantom Hacker scheme is its sequential structure. In a typical single-impersonation scam, a target has one chance to recognize the fraud and hang up. The three-phase model removes that single point of failure for the criminals. Phase one begins with a caller or pop-up message claiming to be from a legitimate technology company. The caller persuades the victim to grant remote access to a personal computer, supposedly to scan for viruses or security threats. Once inside, the scammer identifies financial accounts and their balances.
Phase two introduces a new voice. A second caller, posing as a representative of the victim’s bank or brokerage, warns that the accounts flagged in phase one have been compromised. This caller instructs the victim to move funds to a “safe” account, often at a different institution or overseas. The second impersonator validates the first, making the entire story feel like a coordinated institutional response rather than a cold call from a stranger.
Phase three seals the theft. A third caller claims to represent the U.S. government, sometimes the Federal Reserve or another federal agency, and pressures the victim to complete the wire transfer or cryptocurrency transaction. By this point, the target has spoken with three seemingly independent authorities who all tell the same story. The FBI describes in its own audio briefing how the second impersonator serves mainly to validate the first, while the third exists to finalize trust and move money. That compounding authority effect is what separates this scam from garden-variety tech-support fraud and helps explain why individual losses can be catastrophic.
FBI and FTC warnings confirm a pattern across field offices
The FBI did not limit its warning to a single bulletin. Its Internet Crime Complaint Center issued a detailed public alert defining the Phantom Hacker scam as a three-prong operation targeting senior citizens and resulting in victims losing their life savings. Field offices in multiple regions have echoed the same step-by-step phases: tech support first, then banking, then government impersonation. The consistency across offices signals that the FBI is treating this as a nationwide pattern rather than a regional cluster.
Beyond written advisories, the Bureau has also produced a short video explainer that walks viewers through real-world examples of the scam. Investigators emphasize that the three personas are scripted to sound independent, yet they are coordinated by the same criminal group. The video underscores that victims are often contacted repeatedly over days or weeks, with each new “official” reinforcing the fabricated emergency and pushing for larger transfers.
Regulators outside the FBI are seeing similar tactics. The Federal Trade Commission has reported that scammers increasingly impersonate multiple institutions in a single episode, handing victims from a fake business to a fake bank or government agency as part of one continuous narrative. This broader trend mirrors the Phantom Hacker’s choreography and suggests that organized fraud rings are refining scripts to exploit trust in familiar brands and public agencies.
Why older adults are especially at risk
While anyone can be targeted, the FBI’s case summaries show that older adults are disproportionately harmed. Retirees are more likely to have substantial savings in brokerage or bank accounts, making them high-value targets. They may also be less comfortable with fast-changing technology, which can make an unexpected “security” call feel plausible rather than suspicious. When a stranger claims that a lifetime of savings is at risk, fear can override the instinct to hang up and verify.
Scammers exploit this anxiety by using jargon, referencing recognizable companies, and insisting that secrecy is necessary to avoid further “fraud.” Victims are often told not to discuss the situation with family members or local bank staff, on the pretext that corrupt insiders might be involved. By isolating targets from their usual support networks, the criminals reduce the chances that someone else will recognize the red flags and intervene in time.
Practical steps to avoid becoming the next target
Experts recommend a few simple rules to blunt the Phantom Hacker playbook. First, treat any unsolicited pop-up, text, or phone call claiming to be “tech support” as suspicious, especially if it urges you to grant remote access or install software. Legitimate companies do not monitor your personal devices for threats and then reach out uninvited. If you receive such a message, close your browser, power down the device if needed, and contact the company using a phone number from your own records, not from the pop-up.
Second, remember that banks and government agencies do not ask customers to move money into “safe” third-party accounts to protect it. If anyone pressures you to wire funds, buy cryptocurrency, or withdraw cash for a courier, hang up and call the institution directly using a number from your statement or the back of your card. Do not rely on numbers or links provided by the caller.
Finally, talk openly with family members and caregivers about these schemes. Older adults who know that the Phantom Hacker pattern exists are better equipped to spot it early. Encouraging a habit of pausing, verifying, and involving a trusted person before moving large sums can be the difference between a close call and a wiped-out retirement.
