FBI Warning—Do Not Install This App On Your PC Or Smartphone
It starts with a message — it ends with you losing your life savings.
Republished on July 25 with information on new tactics as attacks evolve.
“It starts with an unsolicited message,” the FBI warns, “and it ends with you losing your savings.” Attacks are now surging across the U.S., targeting citizens with malicious texts, emails and popups. And per the latest warnings, with dangerous apps as well.
“The threat is growing fast,” the bureau says, as citizens across the U.S. are contacted by their banks with messages urging them to “call tech support for assistance.” When you respond, you’re told your money is at immediate risk from a hacker who has broken into one of your devices, and that you will be guided through a process to keep it safe.
But the “hacker” is a phantom. The real threat comes from the person you’re speaking with on the phone — or rather the people. You will speak with more than one.
Because you’ve been “hacked,” tech support will help you install an app to allow them to verify the security on your device. Once that app is installed, they will ask you to check your bank accounts for fraudulent transactions. But as you do so, the attackers can see what you have and where it is. The scammers will then continue to “help” you move all that money to a safe account, out of reach of the phantom hacker they have invented.
That safe harbor is their own account or crypto wallet. Your money is then gone.
You should not engage with the text or email or popup in the first place. But even if you do, you must never install any apps or software when asked to do so like this. As the bureau warns, “if someone you don’t know contacts you and asks you to download software, no matter who they say they work for, don’t do it.” It is that simple.
In recent days we have seen new warnings for citizens to beware these phantom hacker attacks and to beware fake calls from government agencies — including the FBI — that can spoof field office phone numbers to make scams harder to detect.
As ever, the good news is that staying safe is all down to 100% adherence to golden rules. In this instance — never install apps when asked to do so in unsolicited calls, texts or emails. But the same is true with calls from supposed law enforcement on missed jury duty or unpaid fines. And with links in texts about unpaid tolls or motoring fines. And with tech support numbers that pop up on your screen, asking you to call.
Call scams are surging across a range of lures, including the increasingly widespread impersonation of law enforcement agencies demanding payment to avoid arrest. The latest such warning has just been issued in Illinois.
But you’re still more likely to be targeted by texts with malicious links than calls. There are literally billions of these messages being sent out, many of which are filtered but millions still get through to the intended targets each day. The latest Amazon scam, which has just surged 5000% in a fortnight, is the latest of these.
FBI’s Boston field office has just issued another alert as the latest lure — unspecified DMV motoring offenses — sweeps across the a state. “Drivers in our area have received text messages falsely claiming to be from the DMV requesting payment to resolve traffic violations or unpaid fees,” the bureau pointed on X.
“In reality,” the FBI says, “it’s an attempt by criminals to access your financial & personal information. Don’t click the link and report the fraud.”
These Phantom Hacker attacks use a text message for the initial lure, encouraging you to call a support number which then puts you in touch with the scammers. But it’s now just as likely the attack will begin with a phone call pretending to be from the bank.
The number could be spoofed to appear to be the bank’s genuine number, and because that’s the case it’s not enough to simply check the number online and stay on the call. You need to hang up and call back independently. This also brings the added urgency of an unsolicited call to warn your money is at risk and to push you to act fast.
In this the advice from all major banks is the same as for the major tech brands being impersonated for the tech support variant of this scam. None of these organizations will ever call you unexpectedly to warn of this kind of fraud.
Bank of America, by way of example, is clear with its account holders. It will “never text, email, call, or visit you at your home asking for personal or account information.” It also advises those banking customers “remember, never click a link or download an attachment from someone you don’t know.”
But you also need to remember that AI is being harnessed by these cyber criminals to make everything more realistic and believable. This makes it easy for criminals to send faked letters to other documents to convince you they’re legitimate.
And it could get even worse. New warnings have been issued in Europe, where these banking attacks can now even result in scammers visiting victims’ homes. It starts as per usual, with messages asking bank clients “to confirm a fake payment,” and then prompting them “to call the provided phone number to cancel the transaction.”
It’s at this point that an app may be deployed to give the attacker access to account information, enabling them to focus the next stages of the scam. But in France, these tactics have also evolved to steal physical banking cards, enabling attackers to withdraw cash from ATMs or to make purchases.
“Some reports suggest that once the fake phone call has ended, scammers now send accomplices pretending to work as couriers for the victim’s bank to collect the targeted credit card. The information used by the scammer on the potential victim, such as their home address and phone number, could be obtained in various ways, including phishing, account hacking, or data leaks.”
The physical lures even include “fake couriers knocking on the victim’s door, sometimes wearing a badge or branded clothing from the relevant bank, to collect their card.”
As one bank warns, “the scammer may ask you to cut your card in half without damaging the chip. This will allow them to continue using it without your knowledge. In some cases, the fraudster may also provide you with a fake replacement card.”
But it all starts with a call or a text. If you know the signs of a scam — a fraudulent call or message, then the rest is irrelevant. You won’t be drawn into the attack.
But If you do fall victim to a Phantom Hacker or DMV scam — whether by call or text, FTC’s advice is to “act quickly to report it to the company or bank behind the gift card, cryptocurrency, payment app, or wire transfer service. Depending on how you paid, you might be able to get your money back. But no matter how you paid, it’s worth asking.”
All these attacks are good and believable. Scammers are polished on calls. They have heard every objection and question before — and they’re ready to handle yours. You really do need to adopt a zero tolerance approach to all such unsolicited calls and messages. If you don’t engage, you don’t get scammed. Just keep that in mind.