The Phantom Hacker Scam -- Everything you need to know

When the FBI warns people about a scam, it is serious, but this one is actually just a variation of a scam that has been perpetrated upon the Asian community for a while.

To make a long story short... 

Stage 0 

Beware when you are contacted via some method (text message, pop-up on your computer, or a direct phone call), supposedly by a company that you have patronized before (a national brand, like Amazon, Best Buy, Uber, and so on). Those companies usually do NOT contact you directly, but these imposters will. The message claims you need to call them right away to mitigate any damage.

Stage 1

When you call, the imposter will ask you to download some program so they can control your computer from afar, in order to show you some supposed "evidence" that you either have been hacked or will soon be hacked. They will ask about your bank and claim your bank's fraud department will be contacting you shortly. This is, of course, another imposter.

Stage 2

"Your bank's fraud department" (not really) then calls, and basically "verifies" the previous imposter's claim that you've been "hacked" or will be hacked. They say you need to transfer the money to some "safe" account operated by some special government program, often the "Federal Reserve", and that you will get it back soon. The transfer can be done by wire transfer, cash transfer (Venmo, etc.), Western Union, or even cryptocurrency transfer. The imposter will then initiate stage 3, claiming the "Federal Agent" will be in touch.

Stage 3

A "Federal Agent" who allegedly operates the safe harbor program for your money will then call, and will often present a fake receipt with a fake title or stationery, to close the transfer. You will send the money via the agreed method, whether it be wire transfer, crypto, gift cards, or Venmo (and similar) methods.

End Result

You never see your money again.

Since you initiated those transfers yourself, your bank will likely NOT reimburse you for any losses.

Namesake

Since there was no real hacker threat, this scam became known as the "phantom hacker scam". 

Origins

This is a variation of a common scam from China against Chinese ex-pats. Scammers reach Chinese victims on WeChat or other platforms, including SMS and phone, and convince them that they are being investigated by Chinese Public Security (i.e. Chinese police) and are implicated in some sort of money laundering scheme. Unless the victims transfer the account's content into a "monitored account", they are told, they will be considered accessories to the laundering. Of course, their money was never seen again.

Protect Yourself

Do NOT click on pop-ups, links, or attachments you are not sure about, even if they sound urgent.

Do NOT call phone numbers provided in such uncertain links either.

Do NOT download something just because someone over the phone told you to.

Do NOT allow some Internet rando to control your computer.

The US government will NOT ask you to send it money via wire transfer, crypto, or gift cards...

