Phantom Hacker Scam - Targeting Senior’s Billion-Dollar Retirement Funds - X-Industry

The US Federal Bureau of Investigation (FBI) is currently warning of a three-phase fraud scheme that uses tech support, bank, and government impostors to target elderly victims. A cybersecurity expert warns of a scam that has been used to drain entire life savings or retirement accounts has become "devastating" for seniors.

The FBI in Los Angeles on 15 July posted a reminder on X about the Phantom Hacker Scam, which has cost Americans over $1 billion since at least 2024, according to the agency. The FBI said the scam targets senior citizens and warns that victims could lose their "life savings." The scam operates in three phases: a "tech support impostor," "financial institution impostor" and a "US government impostor."[1]

Every year, American seniors lose over $28 billion to fraud. But here's the shocking part: Only a fraction ever gets reported. If you've received a letter, email, or call claiming you've been "pre-qualified" or "pre-approved" for a 401(k) rollover or annuity upgrade, beware. These scams are getting smarter. They sound official and even personalized. But the offers aren't random; they're based on real details about you.[2]

So why are these retirement scams appear so real? Scammers now buy your personal data from data brokers to craft convincing offers. If you're in your 50s or 60s, you're a prime target. They know your age, homeownership status, estimated net worth and even retirement timeline. They don't guess, they know. Your information is being sold across hundreds of websites, and thousands of people can access it. Now, are you curious about how exposed you are?

ARTIFICIAL INTELLIGENCE (AI). What is a "pre-qualified" retirement scam? These scams mimic real communications from financial institutions. You might get a letter or call claiming you're approved for a new investment or annuity opportunity. Scammers often use financial buzzwords like "IRA consolidation" or "required minimum distribution guidance." The goal? To make you feel like you're dealing with a trusted expert. They create fake advisor profiles, complete with headshots, license numbers and US contact info. Many even add logos or branding from familiar banks to boost credibility. But once you respond, they'll ask for private financial info or, worse, get you to transfer funds directly into their accounts.

Why older adults are prime targets? Scammers love targeting seniors because they typically have savings and are making major financial decisions. Plus, their data is easier to get. The unregulated data broker industry makes it easy for bad actors to find and target seniors with laser focus.

How scammers get your data - These scams are fueled by data purchased from brokers. These companies gather your details, compile profiles and sell them, often without your knowledge. You could appear on lists labeled "Retirees with $250k+ Net Worth" or "Homeowners Nearing Retirement." It's alarmingly precise. Some brokers scrape public records, while others buy data from loyalty cards, surveys or sweepstakes. Bottom line: this happens quietly, behind your back.

The financial toll of these scams - In 2024, the FBI reported that seniors lost over $4.8 billion to scams, a record high. Retirement-related fraud was a major part of that. Once your money is gone, it's usually gone for good. Even if the scammer misled you, your bank may not cover the loss if you authorized the transaction. These scams drain more than just savings. They create lasting stress, fear and obviously - shame. Prevention is your best defense.

In the first phase, a tech support impostor will contact victims through text, phone call or email, then direct them to download a program allowing the scammer remote access to their computer. Then, the scammer asks victims to open their financial accounts to "determine whether there have been any unauthorized charges," which the FBI says "is most lucrative for targeting." Afterwards, the scammer will choose an account to target, then tell the victim they will get a call for further instructions from the "fraud department" of the bank hosting their account.

In the second phase, the financial institution impostor will then call the victim and inform them that their funds have been "accessed by a foreign hacker" and must be moved to a "safe" third party account. Victims are then instructed to send the money via wire transfer, cash or cryptocurrency, and are told to send "multiple transactions over a span of days or months."

In the third phase of the scam, the victim could be contacted by someone posing as a US government employee, who prompts the individual to move their funds to an "alias" account for protection.

The old pigeon drop scam. Swindling the elderly has been going on for years. The pigeon drop scam is a classic confidence trick that preys on a victim’s trust and greed. In this scam, the “pigeon”—the victim—is convinced to hand over money to someone (the scammer) with the false promise of a lucrative return or to help “secure” a supposed windfall. In reality, the scammer disappears with the victim’s money, leaving them empty-handed. The elderly are the most vulnerable. Now the criminals are using the online data information and using AI to commit their crimes.

Pete Nicoletti, is the chief information security officer at Check Point, and relayed that the scam has become "devastating" for seniors. He stressed that families need to have discussions with their loved ones to keep them protected. Nicoletti said scammers are now getting personal with some of their tactics, targeting people with specific interests they have. "The family should have dinner-time discussions about this," he said. "But, you know, seniors are posting things on Facebook like they're a Corvette collector. The criminals are actually using artificial intelligence to look for those type of characteristics and profiles. And they'll send you an email or a message saying, 'hey, that Corvette that you ordered a month ago is now available. It's, you know, for $500, you can get it… and we'll deliver it to you right away. And of course, the senior goes, 'well, I'm a Corvette collector. Maybe I was forgetful and I didn't know that I ordered that Corvette, or, you know."

This article is shared with permission at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC). For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com

Weekly Cyber Intelligence Briefings: