Be careful—it’s getting ever more dangerous out there. Even though we haven’t reached the first month of 2025, the AI-fueled cyber attacks that we were warned would dominate this year are already underway. And while there are some macro-level threats—Chinese hackers compromising our networks and Chinese AI compromising our phones—you’re still most at risk from your own mistakes as you let your guard down against the influx of everyday threats.
So it is with the wave of “phantom hacker” attacks “currently targeting Apple and Android products,” which the FBI has warned is “growing rapidly,” and which relies on a spoofed call from a victim’s bank tricking them into transferring money to stop it being stolen by a non-existent (phantom) hacker. “And they may even be able to spoof that bank’s phone number,” the bureau warns, “so the number on your caller ID or cell phone might show that it’s the bank.”
This spoofed call threat is expanding rapidly and has already reached peak 2025. A hacking-savvy engineer was almost caught out by an attack spoofing Google’s support numbers, which he described as “the most sophisticated phishing attack I’ve ever seen.” This should be a clear warning that you can’t believe what you see and must follow essential advice.
And on that note there’s a common theme. Google has confirmed it won’t proactively call users to troubleshoot technical issues, per this latest AI attack; and in the highest-profile recent Phantom Hacker attack, the bank involved told its account holders to “remember that Bank of America will never contact you to request that you move money to protect yourself from fraud.”
Microsoft has just revealed a new update for Windows users that uses its own AI to hit this threat head-on, intercepting such “scareware” attacks targeting PCs with fraudulent support calls. The FBI reports that victims lose over a billion dollars per year to tech support and related scams,” Microsoft warned in its post, linking to the bureau’s advisory on how to stay safe.
The FBI’s warning could not be clearer: “Legitimate customer, security, or tech support companies will not initiate unsolicited contact with individuals.” There are no exceptions. None.
With a wry irony, even law enforcement is not immune from embroiled in such scams. The U.S. CBP’s warning that its “employees are continuing to receive numerous calls from people concerned about unsolicited calls from scammers posing as U.S. Border Patrol agents and U.S. Customs and Border Protection officers” perfectly illustrates how accurate these call scams have become.
