Well, it’s that time of year again! It’s Cyber Security month! It’s during the month of October that we intentionally focus on reminding you, as users of technology, to be mindful of your computing habits. It’s also the time we highlight the typical strategies engaged by scammers to part you with your peace of mind. For this and the next tech article, here is a way to understand the role you play in maintaining a consistent CYBER Security posture: Checking Your Behavior Elevates Resilient Security.
Even with all of the “built-in” security of virus detectors, modern browsers and products that can warn against things like phishing and malware, block pop-ups, check downloads, perform automatic updates, integrate built-in password managers, and so forth, the truth is that tools can only take us so far. The real safeguard is our everyday mindfulness to pause before we click or respond to unsolicited engagements, notice when something feels off, and intentionally choose not to succumb to the sense of urgency that is the hallmark of so many scams.
One scam in particular that numerous security organizations, including the FBI and its Internet Crime and Complaint Center (IC3.gov) have warned about is the Phantom Hacker. This is not a masked, caped perpetrator going computer to computer, wreaking havoc. Instead, it is a complex, three-tiered ruse, typically aimed at seniors, that is an evolution of more general tech support scams. This scam, however, progresses through three stages, aimed at identifying the most lucrative accounts to target. People who have been duped by this scam often suffer the loss of entire banking, savings, retirement, and/or investment accounts under the guise of “protecting” their assets. This is basically how the scam works:
Stage One, Tech Support Imposter: In this stage, a scammer posing as a customer support representative from a legitimate technology company initiates contact with you through a phone call, text message, email, or popup window on your computer/device. The message tends to be persistent and instructs you to call a number for “assistance.”
Once you make the call, the scammer directs you to download a software program that allows them to access your computer remotely. They pretend to run a virus scan and falsely claim your computer has either been or is at risk of being hacked. Of course, the only hacking that has occurred is what you have given consent to by allowing someone unknown to you and someone with whom you did not initiate contact, to access your computer/device. Now, having created fear and concern in your mind, the scammer requests that you open your financial accounts to check for any unauthorized charges. This allows them to determine which financial account is most lucrative for targeting. They set you up for the next stage by saying you will receive a call from your financial institution’s fraud department with further instructions.
Stage Two, Financial Institution Imposter: In this stage, another scammer, posing as a representative of the financial institution, contacts you and falsely informs you that a foreign hacker has accessed your computer and financial accounts. They then advise you to move your money to a “safe” third-party account, such as an account with the Federal Reserve or another U.S. Government agency. While they are assisting you in safeguarding your money, they are actually directing you to transfer money via wire transfer, cash, or wire conversion to cryptocurrency, often directly to overseas recipients. They paint a scenario such that when they tell you not to inform anyone of the real reason you need to move your money, your concern and fear cause you to adhere to their directive.
Stage Three, U.S. Government Imposter: In this stage, a scammer posing as a Federal Reserve or other U.S. Government agency reinforces your need to move your money. If you become suspicious, they may even send you something on Government letterhead to legitimize the scam. They will continue to emphasize that your funds are “unsafe” and must be moved to a new “alias” account for protection until you concede. People who succumb to this scam often lose their entire banking, savings, retirement, and/or investment accounts under the guise of “protecting” their assets. At this point, recovering those assets is essentially impossible.
Becoming a casualty of Phantom Hacking can be a debilitating experience, impacting not just you as the victim but your entire family. Maintaining a CYBER Security posture by remembering that Checking Your Behavior Elevates Resilient Security, will go a long way toward safeguarding not only your assets but your peace of mind.
