Be careful — it’s getting ever more dangerous out there. We’re not yet through month one of 2025, and the AI-fueled cyber attacks we were warned would dominate this year are already in full flight. And while there are some macro-level threats — Chinese hackers compromising our networks and Chinese AI compromising our phones, you’re still most at risk from your own mistakes as you let your guard down against the influx of everyday threats.
So it is with the wave of “phantom hacker” attacks “currently targeting Apple and Android products,” which the FBI has warned is “growing rapidly,” and which relies on a spoofed call from a victim’s bank tricking them into transferring money to stop it being stolen by a non-existent (phantom) hacker. “And they may even be able to spoof that bank’s phone number,” the bureau warns, “so the number on your caller ID or cell phone might show that it’s the bank.”
This spoofed call threat is expanding rapidly, and has maybe reached peak-2025 already, with a hacking-savvy engineer almost caught out by an attack spoofing Google’s support numbers, which he described as “the most sophisticated phishing attack I’ve ever seen.” It should serve as a clear warning that you can’t believe what you see and need to stick to basic advice.
And on that note there’s a common theme. Google has confirmed it won’t proactively call users to troubleshoot technical issues, per this latest AI attack; and in the highest profile recent Phantom Hacker attack, the bank involved told its account holders to “remember that Bank of America will never contact you to request that you move money to protect yourself from fraud.”
Microsoft has just revealed a new update for Windows users that uses its own AI to hit this threat head-on, intercepting such “scareware” attacks targeting PCs with fradulent support calls. The FBI reports that victims lose over a billion dollars per year to tech support and related scams,” Microsoft warned in its post, linking to the bureau’s advisory on how to stay safe.
The FBI’s warning could not be clearer: “Legitimate customer, security, or tech support companies will not initiate unsolicited contact with individuals.” There are no exceptions. None.
With a wry irony, even law enforcement is not immune from becoming embroiled in such scams. If you needed a perfect illustration as to how close to the mark these call scams have now become, look no further than U.S. CBP warning that its “employees are continuing to receive numerous calls from people concerned about unsolicited calls from scammers posing as U.S. Border Patrol agents and U.S. Customs and Border Protection officers.”
