The Phantom Hacker Scam -- Everything you need to know

When the FBI warns people about a scam, it is serious, but this one is actually just a variation of a scam that has been perpetrated upon the Asian community for a while.

To make a long story short... 

Stage 0 

Beware when you are contacted via some method (a text message, a pop-up on your computer, or a direct phone call), supposedly by a company that you have patronized before (a national brand like Amazon, Best Buy, Uber, and so on). Those companies usually do NOT contact you directly, but these imposters will. Anyway, the message claims you need to call them right away to mitigate any damage.

Stage 1

When you call, the imposter will ask you to download some program so they can control your computer from afar, in order to show you some supposed "evidence" that you either have been hacked or will soon be hacked. They will ask about your bank and claim your bank's fraud department will be contacting you shortly. This is, of course, another imposter.

Stage 2

"Your bank's fraud department" (not really) then calls and basically "verifies" the previous imposter's claim that you've been "hacked" or will be hacked, and says you need to transfer the money to some "safe" account operated by some special government program, often the "Federal Reserve", and that you will get it back soon. The transfer can be done by wire transfer, cash transfer (Venmo, etc.), Western Union, or even cryptocurrency transfer. The imposter then will initiate stage 3, claiming the "Federal Agent" will be in touch.

Stage 3

The "Federal Agent" who allegedly operates the safe harbor program for your money will then call, and will often present a fake receipt with a fake title or stationery, to close the transfer. You will send the money via the agreed method, whether it be wire transfer, crypto, gift cards, or Venmo (and similar) methods.

End Result

You never see your money again.

Since you initiated those transfers yourself, your bank will likely NOT reimburse you for any losses.

Namesake

Since there was no real hacker threat, this scam became known as the "phantom hacker scam". 

Origins

This is a variation of a common scam from China against Chinese ex-pats. Scammers reach Chinese victims on WeChat or other platforms, including SMS and phone, convincing them that they're being investigated by Chinese Public Security (i.e. Chinese police), that they are implicated in some sort of money laundering scheme, and that unless they transfer their account's contents into a "monitored account" they will be considered accessories to the laundering. Of course, their money is never seen again.

Protect Yourself

Do NOT click on pop-ups, links, or attachments you are not sure about, even if it sounds urgent

Do NOT call phone numbers provided in such uncertain links either

Do NOT download something just because someone over the phone told you to

Do NOT allow some Internet rando to control your computer

The US Government will NOT ask you to send it money via wire transfer, crypto, or gift cards...

