Federal authorities are warning older Americans about a fraud that has already stripped more than $1 billion from victims by impersonating not one trusted institution but three in sequence. Known as the “phantom hacker” scam, it begins with a fake technical-support agent, escalates to a counterfeit bank representative, and finishes with someone posing as a government official — each layer reinforcing the last so that a skeptical victim is worn down into compliance.
The design is what sets this scheme apart from a simple imposter call. A single phony phone number is easy to dismiss, but a story that unfolds across several days, delivered by different “officials” who all seem to corroborate one another, is far harder to see through. That layered structure is precisely why the losses have climbed into ten figures and why retirement accounts are the favored target.
The FBI has flagged the scheme as a growing threat to seniors, and security specialists say artificial intelligence is making the ruse more convincing than ever, according to a report on the bureau’s warning about the billion-dollar scheme. Understanding how the three stages fit together is the clearest way for families to recognize the con before money leaves the account.
Stage one: the fake tech-support call
The scam usually opens with a pop-up warning on a computer, an email, or a text claiming that a device has been infected or an account has been accessed by an outsider. A phone number is provided for “support.” When the target calls, a polite technician offers to help and asks for remote access to the computer, ostensibly to run a security scan.
That remote access is the real objective. Once inside the machine, the criminal can watch the victim log in to financial accounts, note the balances, and identify which accounts hold the most money. The technician may also run a fake scan that “discovers” foreign hackers or fraudulent activity, setting up the fear that drives the next stage. Nothing has been stolen yet, but the criminals now know exactly how much there is to take and have established themselves as the helpful party.
Stage two: the counterfeit bank officer
Days later, a second caller phones the same victim, this time claiming to represent the fraud department of the person’s bank or brokerage. The caller “confirms” that the accounts have indeed been compromised by foreign hackers, lending weight to the earlier tech-support story. The message is that the money is in immediate danger and must be moved to protect it.
Here the scheme reveals its purpose. The fake bank officer instructs the victim to transfer funds — often by wire, sometimes by cryptocurrency or gold — into a supposedly “safe” account controlled by the government or a third party. Victims are frequently told to keep the transfer confidential and to tell bank tellers, if asked, that the money is for a personal reason. The account is not safe at all; it belongs to the criminals, and once a wire is sent it is extraordinarily difficult to claw back.
Stage three: the government impersonator
If a victim hesitates, a third actor enters, posing as an official from a federal agency such as the Federal Reserve or another government body. This person adds an air of authority and urgency, sometimes sending an official-looking letter or email to reinforce the story and reassure the victim that moving the money is the legitimate, government-sanctioned step. The escalation is deliberate: doubts that survive a “bank” call are meant to collapse under the weight of a “federal” one.
The FBI reports that older adults are disproportionately targeted by this scheme and account for a large share of the total losses, a pattern the bureau tracks through its Internet Crime Complaint Center. Investigators and fraud analysts also warn that criminals are increasingly using artificial intelligence to polish their scripts, mimic official communications, and even clone voices, all of which make each stage sound more authentic than the crude scams of a decade ago.
How to break the chain
Because the phantom hacker scam depends on a chain of trust, breaking any single link stops it. The first and most effective defense is to never grant remote computer access or call a phone number that appears in an unexpected pop-up, email, or text. Legitimate technology companies do not monitor personal computers for viruses and then cold-call about them.
The second defense targets the money itself. No genuine bank, brokerage, or government agency will ever instruct a customer to move funds to a “safe” account to protect them, and none will demand secrecy from family members or bank staff. Federal consumer-protection guidance emphasizes that unusual payment methods, pressure to act immediately, and requests for secrecy are hallmarks of fraud, as detailed in the Federal Trade Commission’s guidance on recognizing and avoiding scams. Any one of those signals is reason enough to stop.
Practical habits close the gap. Anyone who receives such a call should hang up and independently verify the situation by phoning the bank at the number on a statement or card, never a number provided by a caller. Large or unusual transfers deserve a pause and a conversation with a trusted relative before any money moves. Families with older members can talk through this specific three-stage pattern in advance, so a “government official” confirming a “bank’s” warning about a “hacker” is recognized as the coordinated act it is. For a scheme built entirely on manufactured authority, a single verified phone call is often all it takes to bring the whole story down.
The layered structure also creates natural checkpoints where the con can be stopped. A caller who insists that a supposed problem stays secret from family, or who discourages contacting the bank in person, is behaving in a way no legitimate institution ever would, and that demand for silence is itself a warning. Bank employees are trained to question large or hurried wire transfers, which is one reason criminals coach victims to lie about the purpose of the money; treating any such coaching as proof of a scam gives a target one more chance to walk away before the funds are gone.
The role of artificial intelligence raises the stakes but does not change the defense. Convincing scripts, polished emails, and even cloned voices can make each stage sound authentic, yet none of that technology can produce the correct answer when a victim independently calls the real institution. The tools have grown more sophisticated; the underlying instruction — to move money to a “safe” account — remains the same tell it has always been.
This article was produced with AI assistance and fact-checked against the primary and official sources linked above.
Free tool for readers: Not sure whether your own retirement is on track? You can check your free Retirement Safety Score — a 0–100 number plus a few personalized steps — in about five minutes, with no sign-up required to see your score.