After a recent warning issued by the Federal Bureau of Investigation (FBI), a three-stage scam method known as “Ghost Hackers” has once again become a focal point of attention. Criminals impersonate technical support staff, financial institution employees, and government officials to defraud individuals, potentially leading to the depletion of victims’ life savings.
According to The Hill, unlike other scams, “Ghost Hackers” typically involve three distinct stages, each building upon the previous one, aimed at persuading victims to transfer money out of their accounts as instructed.
This is not a new scam method, as the FBI had previously warned about “Ghost Hackers” approximately two years ago. Scammers often use the guise of protecting victims’ assets to trick them into depleting funds from all their bank accounts, savings, retirement, or investment accounts.
FBI data shows that since 2024, “Ghost Hackers” have defrauded over $1 billion in funds.
The FBI stated that the scheme primarily targets elderly individuals and warned that victims may lose their “life savings.”
Aaron Rose, Security Architect at the cybersecurity company Check Point Software, highlighted that scammers often exploit victims’ personal interests to target them. Individuals interested in vintage cars, antique watches, or other items may inadvertently reveal their preferences on social media, making them potential targets for fraudulent schemes.
Rose noted that scammers leverage victims’ personal interests to conduct fraud, thus reducing the likelihood of being detected.
“AI technology can analyze social media content to identify personal interests and significant life moments, and then generate seemingly tailor-made fraudulent messages,” Rose said.
Scott Davis, President of the Pennsylvania Internet Security Association, emphasized in an interview published by The Patriot-News this week that these scams are not random cold calls but rather “highly orchestrated attacks that exploit trust, fear, and urgency to commit fraud.” Scammers manipulate victims by forging phone numbers, assuming false identities, and even following up with calls or letters to fabricate convincing lies. These elderly victims mistakenly believe they are protecting their finances while unknowingly handing their money over to criminals.
“It’s not just a technical issue, but a human one,” Davis said. “Criminals are manipulating human behavior and trust. Families need to communicate with their loved ones so they can recognize warning signals. In reality, no government agency or legitimate financial institution would request wire transfers, cryptocurrencies, or prepaid cards.”
Scammers impersonate a legitimate company’s technical or customer service representative, contacting victims via phone calls, texts, emails, or pop-up windows on victims’ computers and instructing them to call a number for technical “assistance.”
After victims call the number, scammers direct them to download a software program that allows remote access to the victim’s computer. The scammers pretend to conduct a virus scan on the victim’s computer, falsely claiming that the computer has been hacked or is at risk of being hacked.
Subsequently, scammers request victims to open their financial accounts to verify any unauthorized transactions. This is actually a ploy for scammers to determine which of the victim’s accounts is most lucrative and worth targeting. Scammers select a target account and inform the victim that they will receive a call from the bank or financial institution’s “fraud department” of the target account to provide further instructions.
Scammers pretend to be representatives of the financial institution mentioned in the first stage (such as a bank or securities firm) and contact the victims. They falsely claim that the victim’s computer and financial accounts have been breached by foreign hackers, asserting that the only way to safeguard the funds is to transfer money to a “secure” third-party account, such as the Federal Reserve Bank or another US government entity’s account.
Scammers instruct victims to transfer money via wire transfers, cash, or cryptocurrencies, with these funds often being sent directly to overseas recipients. Victims may be asked to carry out transfers over several days or months.
Furthermore, scammers instruct victims not to disclose the true reason for the fund transfer to anyone.
To make the first two stages more credible, scammers sometimes impersonate personnel from the Federal Reserve Bank or other government entities and communicate with victims. If victims become doubtful of these impersonators, scammers may send a seemingly official email or physical letter from the government using falsified letterhead to dispel concerns.
Scammers emphasize to victims that their funds are in an “unsafe” state and assert that transferring the funds to a new “alias account” is necessary to ensure safety. They repeatedly stress this point until the victim gives in.
Experts suggest several methods to help prevent falling victim to the “Ghost Hackers” scam and advise sharing this information with family or others.
“The simplest and most important advice is: never allow remote access to your computer due to a stranger’s call,” said cybersecurity expert Rose. “Do not transfer your money just because someone claiming to be a bank or government employee instructs you to do so. Hang up the call, dial the official phone number listed on your bank statement, and verify the situation yourself.”
If uncertain about what to do, promptly end the call and discuss with someone you trust before making a decision.
“Scammers rely on secrecy and pressure,” Rose stated. “Breaking this pattern, staying calm, and discussing with others—whether friends, family, bank personnel, or local law enforcement officers—is often the best defense.”
The FBI encourages all victims of these crimes to contact their local FBI office or report through tips.fbi.gov.