Article

How to dodge banking scams like the “Phantom Hacker”

scammers hiding in tall coat at ATM illustration
Corey McAuley
Corey McAuley
|
24 Apr 2024
|
6 min read

With scam attempts rapidly increasing in recent years, banks and financial services across the world have issued warnings to consumers to be on the lookout for new and sophisticated banking scams. 

One such organization is Finland’s OP Financial Group, who have received numerous reports of fake text messages from criminals posing as them and informing their customers of fake card payments to phish for personal data. It’s a similar story in the US, with the Federal Trade Commission reporting that the most common type of SMS scam involves scammers posing as well-known banks, such as Bank of America and Wells Fargo, and sending fake bank security messages to consumers. 

In this article, we explore recent banking scams and explain what you can do to protect yourself from scammers. 

Think you've received a fake SMS?

Use our instant F-Secure Text Message Checker

The “Phantom Hacker” scam wiping seniors’ accounts

The FBI has warned about a three-phase scam that claimed more than half a billion US dollars in losses in the first half of 2023 alone, often by targeting senior citizens and taking their life savings.

This fraud initially resembles a tech support scam and develops into a more elaborate version of a ‘safe account’ scam – criminals impersonate banking and/or government officials and tell their victims they must transfer money to various accounts for ‘safe’ keeping, insisting the transactions are kept secret.

How does this three-phase scam work?

Phase 1: the scammer impersonates a tech support professional.

They contact the victim and tell them to call a number for assistance. The scammer will then tell the victim to download software so they can remotely access their device to 'scan for viruses'. They will later claim that the device has been hacked. The scammer instructs the victim to log into their online banking to check for any unauthorized transactions – this helps the scammer identify an account. The victim is then told to wait for a call from their bank.

Phase 2: the scammer impersonates a worker from the victim’s bank.

They tell the victim that their account has been accessed by a foreign hacker and that they need to transfer their money via wire transfer, cash or cryptocurrency to a ‘safe’ third party account (such as a US governmental agency’s overseas account). This could be multiple transactions to different accounts over time. The victim is told not to tell anyone about why they’re moving their money.

Phase 3: the scammer impersonates a US government employee.

To make the situation seem more genuine, phase three could include the scammer sending an email or letter that appears to be official with a US government letterhead. The scammer continues to insist that the victim’s account is unsafe, and they need to ‘protect’ their money by moving it to a ‘safe’ account.

What can you do to avoid this scam?

  • Avoid clicking unsolicited links in emails, text messages or pop-ups, and instead go directly to your bank’s website or app and log into your account to see if you get the same warning.

  • Find and call the official support phone number for the tech company and/or your bank if you’re unsure – don’t call the phone number provided in the email, text message or pop-up.

  • Never give in to a request to download software from anyone who has contacted you, and never allow anyone to have remote access to your device.

  • Stop and seek help if a stranger tells you not to tell anyone about what they’re asking you to do.

3 common banking scams to watch out for

Victims all over the globe have been facing an epidemic of online banking scams. Banks have warned of a significant increase in fraud over the past few years, with impersonation, investment, and purchase fraud the main drivers. According to Barclays, some of the latest scams to watch out for include:

Cost of living scams

Scammers take advantage of the cost-of-living crisis by either directing victims to scam websites with fake discounts, posing as utility companies offering reductions in costs, or even pretending to be a government official offering support with the cost of energy bills.

How to avoid falling for this scam:
  • When shopping online, refer to our guide for safe online shopping. Go directly to a retailer’s website rather than clicking links in emails or on social media and remember the golden rule: if an offer or discount seems too good to be true, it probably is.

  • Use our free F-Secure Online Shopping Checker tool to instantly check if a website is a scam.

  • Be cautious of any phone calls that claim to offer discounts. If it feels suspicious, end the call and phone the company’s official customer support number to see if the claim is true.

SMS impersonation scams

Scammers send a text message to their victims from what appears to be their bank, referencing a recent payment that they didn’t make or providing a one-time passcode that they didn’t request. When they gain their victims’ trust, they then attempt to convince them to provide their account details.

How to avoid falling for this scam:
  • If you don’t recognize what the text message is referencing, it’s probably a scam.

  • Don’t click on any attachments or links in these messages or call any phone numbers that they ask you to call. Instead, do a Google search for the official phone number for your bank.

  • Instantly check if a text message is a scam with our free F-Secure Text Message Checker tool.

Call-forwarding scams

Scammers who have already obtained their victim’s bank account details trick the victim into setting up a call forwarding service. Impersonating the victim’s bank, the scammer asks the victim to type a series of numbers into their device’s keypad. The scammer then makes payments from the victim’s account. When the bank calls to check for genuine transactions, the scammer will pick up the call instead.

How to avoid falling for this scam:
  • Your bank will never call you asking you to type a long number preceded by 21. If you receive a text message, email or call from someone asking you to do this, block them immediately.

  • Your bank will also never call you asking for a one-time code (this code is only ever requested if you make a phone call to your bank).

  • If in doubt, hang up the phone and call your bank’s official customer service number or use the live chat feature on their website to find out if your account is under threat.

devices secured illustration

Keep banking scams at bay

Stay safe online with F-Secure Total

total app on different devices

Keep banking scams at bay with F‑Secure Total

As online banking scams increase in frequency, protecting your digital life has never been more important. F-Secure Total makes this easy, helping you to secure your digital moments with one app. Discover more online scams in our Scam Protection Hub or explore what you can do with F-Secure Total. 

  • Stay safe when banking, browsing, and shopping online.

  • Text messages from unknown senders are analyzed for safety.

  • Enjoy unlimited online privacy with the encrypted Privacy VPN.

  • Award-winning antivirus and malware protection keeps your devices clean.

Read more about Total