The phantom hacker scam uses AI-powered social engineering tactics to drain thousands of dollars from victims’ bank accounts. Attackers use caller ID and AI voice spoofing to make their scheme more persuasive—but there are a few ways to protect yourself.

How the Phantom Hacker Scam Works

The scheme involves three phases, according to the FBI. Targets are moved through each phase, where scammers impersonate a bank or government staff, claiming to be from the “Fraud Department.”

In some cases, the scam starts with an email or text telling the target that attempts to access their bank account have been detected, instructing them to call a number immediately. Other times, the target receives a call from a person claiming to be from their bank informing them about the issue.

They instruct the target to download a remote access application so that another person claiming to be from the tech support department can investigate. Once the second person gains access to the computer, they direct the target to open financial accounts so the tech support person can help identify which accounts are at risk. At this point, the hacker picks the account to target.

Then, they inform the victim that cybercriminals from overseas are accessing the account and to expect a call the following day from another department that will help secure the account. The third person calls the following day and pressures the victim to act fast before the bank account is drained. They convince the victim to transfer the funds from the compromised account to a secure government account for safekeeping using wire transfer, cash, or cryptocurrency. Sometimes, the hackers ask the victim to move funds via different transactions over a couple of days.

To make the scam believable, they use caller ID spoofing, manipulating the network’s caller ID system to disguise the attackers’ number and make it appear that the call is really coming from the bank. For instance, in January 2025, a woman from Chicago was victimized using this scheme. When she checked the number of the caller, it matched the bank’s phone number on the back of her bank card.

Attackers also sometimes use AI voice spoofing to make the people claiming to be from the bank sound more believable and convincing.

How to Protect Yourself From the Phantom Hacker Scam

This elaborate scheme can be convincing since hackers create a sense of urgency as the victim is instructed through different phases by different people. They also use advanced technology to make the scam believable. But there are ways to protect yourself.

• Avoid answering calls from numbers you don’t recognize. Even if the number appears to be from the bank and the person informs you about an issue with your account, it’s best to double-check first. Close the email, text message, or drop the call. Then, open a new browser window and contact the bank directly. Ask to be connected to their fraud department to confirm the issue.
• Don’t click links in emails and text messages to check account transactions. Close the message and access your account directly using the bank’s official app or website.
• Never download remote access applications from people you don’t know. Banks will not ask for access to your device and files to check suspicious activity, as they already have access to their system.
• Beware of strangers pressuring you to move money. Banks will never ask you to transfer money over the phone using cryptocurrency or to a secure government account. They don’t exist.
• Check for the signs of an AI voice scam. Watch out for unnatural speech patterns with awkward pauses, robotic pitch and tone, distorted voice quality, or absence of social cues. Odd noises in the background, like continuous static, are a telltale sign of voice spoofing. Most cloning tools deliver short and pre-prepared speeches, so when you ask questions and probe further, you might notice an inability to explain more or elaborate and engage in spontaneous conversation.

Artificial intelligence is making social engineering attacks more convincing and challenging to detect. In this case, AI supercharged the phantom hacker scam, making it even more sophisticated. The key to protecting yourself is to keep up-to-date with the scams and schemes hackers use to commit fraud.