A new wave of sophisticated scams is sweeping across Canada, draining bank accounts and leaving victims devastated. The Canadian Anti-Fraud Centre has issued a warning about a sharp increase in “phantom hacker” scams, where fraudsters impersonate officials from banks, government agencies, credit bureaus, police, and even companies like Amazon.
Using a deceptive technique known as spoofing, scammers make it appear as though phone calls are coming from legitimate institutions. They often possess pieces of the victim’s personal information, making the calls even more convincing. The victim is told their bank account has been compromised, and in a panic, they are manipulated into allowing remote access to their devices, transferring funds, or providing sensitive banking details.
A high-profile example surfaced earlier this year when a Toronto woman posted a viral TikTok recounting how fraudsters, claiming to be her bank’s fraud department, wiped out her entire chequing and savings accounts. Tearfully, she warned others of the scam after realizing she had been tricked by impostors who appeared legitimate in every way.
This type of fraud, often dubbed the “phantom hacker” scam, is a modern evolution of the tech support scams that previously targeted seniors. Today’s version adds more complexity, often involving multiple fake departments or agents to establish credibility. In some cases, victims are instructed to download remote-access programs that give the scammers full control of their devices under the guise of running security checks.
Once trust is gained, the scammers warn victims of ongoing hacking threats and urge them to move their funds to so-called “secure” third-party accounts—accounts controlled by the fraudsters. The money is typically moved via wire transfers, cryptocurrency, or even cash delivered over several days. Some victims have also reported couriers arriving at their homes to collect bank cards, further deepening the illusion.
Scammers may already have some account information due to previous data breaches or malware. If the victim uses multifactor authentication (MFA), the fraudsters trick them into revealing the code by claiming it’s a verification step. In reality, that code gives the criminal access to the account.
The Canadian Bankers Association emphasizes that banks will never call you unexpectedly to request personal details or ask you to download any remote access tools. If you receive such a call, hang up immediately and contact your bank directly using a verified number from their official website or banking app.
Canadians are urged to remain cautious and never trust unsolicited calls, even if the number appears legitimate. When in doubt, verify before taking any action—because one wrong move could cost you everything.
Ask ChatGPT