Phantom Hacker Scams (Fake FBI Calls) Against Seniors: How They Drain Retirement Accounts

A Phantom Hacker scam is a multi-phase imposter scheme that the FBI has warned about repeatedly — and it has drained more than $1 billion from US seniors’ bank, brokerage, and retirement accounts in a single 12-month window. Internationally, the same pattern is known as a Digital Arrest scam. The mechanics are simple to describe but devastating in practice: the scammers spend hours, days, or sometimes weeks impersonating tech support, then a bank fraud officer, then a federal agent — and they keep the victim on the phone the whole time so no one can interrupt and break the spell.

Already been scammed? If you have wired money, bought gold, mailed cash, or sent crypto because a “federal agent” or “fraud investigator” was on the phone — hang up now and read our First 24 Hours emergency guide. Speed matters. The faster you act, the better your chance of stopping more transfers.

What a Phantom Hacker scam is

The FBI describes the Phantom Hacker scam as an “evolution of the tech support scam.” It is built around three escalating impersonations, each one handing the victim off to the next, with no breaks in between. The goal is to keep the victim on the phone — sometimes for many hours per day, over weeks — so they never have time to verify anything, never call a family member, and never visit their bank in person.

In other countries — particularly India — the same pattern is called a Digital Arrest scam, because the scammers tell the victim they are under arrest and must “stay on a video call” the entire time the “investigation” is in progress. In the US, the cover story is more often framed as “we are protecting your money from hackers,” but the core mechanic — sustained, immersive isolation — is identical.

How a Phantom Hacker scam unfolds

The scam is usually structured in three phases. The whole thing can take a single afternoon, or it can drag on for weeks.

Phase 1 — Fake “tech support”

The victim sees a pop-up on their computer or phone — usually a fake security alert that says “Your computer is infected, call this number.” Or they receive an email, text, or phone call posing as Microsoft, Apple, Norton, or McAfee. When the victim calls the listed number, a “support technician” walks them through installing remote access software that hands the scammer full control of the device.

Once inside, the “technician” pretends to scan for viruses and then says, “I see suspicious activity on your bank account — let me transfer you to the fraud department.”

Phase 2 — Fake “bank fraud department”

A second scammer takes over, this one impersonating the victim’s bank, brokerage, or retirement provider. They sound calm and official. They say the victim’s accounts have been “hacked by foreign criminals” and the only way to protect the money is to move it to a “secure US Government account” — they often name the Federal Reserve, the U.S. Treasury, or the Federal Trade Commission. Real federal agencies do not have personal accounts where you “safekeep” your savings. None of them.

Phase 3 — Fake “federal agent”

A third scammer comes on the line, this one claiming to be an FBI agent, U.S. Marshal, Treasury investigator, or DEA officer. They may send doctored documents that look like FBI warrants or government letters. They emphasize the need for secrecy: “Do not tell anyone, this is an active federal investigation.” This is the phase that locks the victim in. The “agent” instructs them to convert the money into one of several forms:

• A wire transfer to an account “controlled by the Federal Reserve”
• Gold bars or gold coins, handed off to a “federal courier”
• Cryptocurrency sent to a “secure government wallet”
• Cash packaged in boxes and shipped or handed over in a parking lot

Many victims are kept on the line, in some cases by video call, for hours during the handover. They are told not to talk to bank tellers, not to tell their family, and not to hang up. That isolation is the scam.

Red flags — how to recognize this scam in progress

• A pop-up or call says your computer is infected and gives you a phone number to call. Real Microsoft, Apple, Google, and antivirus alerts never include a phone number.
• The “technician” asks you to install remote-access software. AnyDesk, TeamViewer, UltraViewer, or anything similar — this gives a stranger total control of your device.
• Someone says your bank account is “compromised” and you must move money to a “safe” government account. No real federal agency ever holds your personal money for safekeeping. Ever.
• You are told to keep it secret. “Do not discuss this with your family or your bank teller” is the loudest possible red flag. Every legitimate fraud investigation can be discussed with your family.
• You are told to stay on the phone or video call. Real federal agents do not require you to stay on a call. They never have.
• You are told to buy gold bars, cryptocurrency, or gift cards “for safekeeping.” The US government does not ever ask citizens to convert their savings into these forms.
• “Federal” or “law enforcement” documents arrive by email or text. Real FBI investigations do not start with an email PDF.
• A “courier” is being sent to your house to pick up cash, gold, or cryptocurrency hardware. This is a hallmark of the scam — and it is increasingly common in 2025–2026.

Why it works on smart, careful people

Phantom Hacker scams are not a “people fall for it because they don’t know any better” scam. The victims include retired engineers, former lawyers, former teachers, and former law-enforcement officers. The scam works because of three forces working together:

• Authority. The “FBI agent” voice, the “official” documents, the spoofed caller ID showing a real-looking number — all of these stack to convince the victim that they are dealing with the real government.
• Isolation. Being kept on the phone or video call for hours means there is no time to step back, no time to call a son or daughter, no time to walk into a bank branch and ask a teller.
• Urgency and fear. “Your money is about to be drained by foreign hackers” or “you are part of a criminal investigation” — both are designed to spike the body’s fight-or-flight response. Once a person is in fear, careful thinking shuts down. Scammers know this.

How to stop a Phantom Hacker scam already in progress

If you suspect a senior in your life is currently in a multi-day call with “the FBI” or “fraud investigators,” speed and gentleness both matter.

1. Get them off the call. Pull the phone away, mute it, or unplug it. Do not argue with the scammer — just end the call.
2. Do not shame them. Phantom Hacker scams use professional-grade manipulation. Falling for one is not a sign of cognitive decline; it is a sign that a skilled team of scammers got through. Shame makes victims more likely to keep the next scam attempt secret.
3. Disconnect any computer or phone the scammer “accessed.” Unplug it from the internet. The remote-access software needs to be uninstalled by someone you trust — preferably a local computer-repair store you choose yourself, not one the “technician” recommended.
4. Call the bank’s fraud line — not the number the scammer gave. Look up the bank’s number on the back of the debit card or on a statement.
5. Freeze credit and bank account access. See our First 24 Hours emergency guide for the specific steps in order.
6. Report. File reports with the FBI’s Internet Crime Complaint Center (ic3.gov) and the FTC (reportfraud.ftc.gov). The DOJ Elder Fraud Hotline is 1-833-FRAUD-11 (1-833-372-8311) for victims 60 and older. The U.S. Secret Service also investigates these multi-phase impersonation schemes — see their Elder Fraud page and their April 2026 Elder Fraud Advisory.

Real cases (anonymized from public news coverage)

The cases below are taken from public news reporting and have been anonymized. Names, exact addresses, and personal details have been removed. The source link goes to the original reporting if you want to see the publicly identified case.

December 2025 — Fort Worth, Texas. An 84-year-old woman lost approximately $600,000 over several weeks to scammers claiming to be FBI agents. She received daily calls and forged documents that looked like FBI warrants and badges, and was instructed to move money from her trust to local banks and convert it to gold bars. She handed roughly $500,000 in gold bars to a “courier” in a parking lot near a closed fast-food restaurant — a location with no surveillance cameras and no witnesses. She believed throughout the ordeal that she was helping the FBI investigate a case. As reported by WFAA News.

January 2026 — Multi-state (originally New York Times reporting). An 87-year-old retired lawyer searched online for a Microsoft tech support phone number and called what appeared at the top of the results. The “technician” walked him through installing remote-access software on his laptop and smartphone. The scammer kept him on the phone for nearly five hours, during which time the scammer used the access to find the man’s banking credentials and execute a wire transfer of $85,000 from his checking account. The bank later declined to reimburse him because the transfer was made using his own credentials. As reported by AOL, citing The Times.

November 2025 — San Diego County, California. A retired senior received a pop-up message that appeared to be a Microsoft virus warning, with a phone number to call. He was passed to a “fraud investigator” who said he had to deposit money into a “Federal Trade Commission locker” for safekeeping. He and his wife lost $35,000 to the scheme. The local District Attorney’s office noted that elderly San Diego County residents lost a combined $130 million to similar schemes in a single year. As reported by CBS 8 News.

Related scams

• Real cases where senior scam victims got their money back
• Government Impersonation Scams — the broader category Phantom Hacker scams belong to
• Tech Support Scams — usually Phase 1 of a Phantom Hacker scheme
• Extortion Scams — fake-arrest scams sometimes shade into outright threats
• AI-Powered Scams — voice cloning is increasingly being used to make these calls sound more convincing
• Top 5 Scam Threats for Seniors in 2026
• DOJ Elder Fraud Prosecutions Tracker — see the federal cases being brought against Phantom Hacker operators

The two rules that protect you

Rule 1. If someone calls, emails, texts, or pop-ups you unexpectedly and says you are in trouble — hang up. Do not press buttons. Do not call any number they give you. Walk away from the screen.

Rule 2. No real federal agency ever asks you to move money to a “safe account,” buy gold for safekeeping, send cryptocurrency, or hand cash to a courier. Never. If anyone says they are from the FBI, the Federal Reserve, the Treasury, or the FTC and asks for money in any of these forms — they are not who they say they are.