
#47: Phantom Hacker Scam, PayPal's Missed Signals, National Fraud Prevention Plan
Scams are getting more coordinated. Whether it's senior citizens being manipulated into moving their life savings across three layers of deception, or a payment platform’s defenses quietly failing at scale, the pressure is rising for fraud teams to rethink how and where they monitor risk.
Let’s get into it.
NATE'S TAKE - SEPTEMBER 2, 2025
Top Three This Week
- The Phantom Hacker Scam and Its Multi-Stage Manipulation
- PayPal’s Missed Signals Ripple Across Europe
- A National Strategy for Fraud Prevention?
1. The Phantom Hacker Scam and Its Multi-Stage Manipulation

The FBI is sounding the alarm on a scam that's already cost victims, mostly seniors, over $1 billion: the Phantom Hacker.
What makes this one so effective is the choreography. It starts with someone posing as tech support and convincing the victim to download remote access software. From there, they direct the victim to log into their bank, not to steal passwords, but to pick the most lucrative account. That’s when the handoff happens. The victim is told they’ll receive a follow-up call from their bank’s fraud department, but it’s another scammer, who now claims their funds are compromised and must be moved to a “safe” account. In some cases, a third actor joins in, pretending to be from the U.S. government and pressuring the victim to transfer money again.
The whole thing feels real to the victim because it builds layer by layer. There's no single red flag. It's the pattern that matters, and that’s exactly why so many fraud systems miss it.
If your detection logic is only looking at one device, one login, or one transaction, you’re blind to the coaching behind the scenes. The real risk signal here is the coordination across events, channels, and time. This kind of multi-step fraud is a challenge for rules and visibility.
Proactive education matters, but journey-level anomaly detection is the only way to catch the orchestration mid-stream.
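To make the journey-level idea concrete, here is an added example (not from the FBI alert or from any vendor's product) that correlates a remote-access signal, a login, a newly added payee, and a balance-draining transfer for each customer. The event names, fields, thresholds, and sample data are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample events for two customers; field names, event types and
# thresholds are assumptions made for this example.
EVENTS = [
    {"cust": "A", "ts": "2025-09-01T10:02", "type": "remote_access_seen"},
    {"cust": "A", "ts": "2025-09-01T10:09", "type": "login"},
    {"cust": "A", "ts": "2025-09-01T11:30", "type": "payee_added", "payee": "P1"},
    {"cust": "A", "ts": "2025-09-01T11:41", "type": "transfer", "payee": "P1",
     "amount": 48000, "balance_before": 52000},
    {"cust": "B", "ts": "2025-09-01T09:00", "type": "login"},
    {"cust": "B", "ts": "2025-09-01T09:05", "type": "transfer", "payee": "P9",
     "amount": 48000, "balance_before": 52000},
]

WINDOW = timedelta(hours=48)      # how long the stages may be spread out
NEW_PAYEE = timedelta(hours=24)   # payee age that still counts as "new"
DRAIN_RATIO = 0.5                 # share of balance moved in one transfer

def score_journeys(events):
    """Return {customer: [stage names hit]} by correlating events over time."""
    by_cust = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        by_cust.setdefault(e["cust"], []).append(e)
    result = {}
    for cust, evs in by_cust.items():
        stages, remote_at, payees = [], None, {}
        for e in evs:
            ts = datetime.fromisoformat(e["ts"])
            if e["type"] == "remote_access_seen":
                remote_at = ts
            elif e["type"] == "login" and remote_at and ts - remote_at <= WINDOW:
                stages.append("login_after_remote_access")
            elif e["type"] == "payee_added":
                payees[e["payee"]] = ts
            elif e["type"] == "transfer":
                added = payees.get(e["payee"])
                new = added is not None and ts - added <= NEW_PAYEE
                drain = e["amount"] >= DRAIN_RATIO * e["balance_before"]
                coached = remote_at is not None and ts - remote_at <= WINDOW
                if new and drain and coached:
                    stages.append("drain_to_new_payee")
        result[cust] = stages
    return result

def flagged(events):
    """Customers whose journey shows both stages, not just one event."""
    return sorted(c for c, s in score_journeys(events).items()
                  if {"login_after_remote_access", "drain_to_new_payee"} <= set(s))
```

Customers A and B move the same amount from the same balance, so a per-transaction amount rule treats them identically; only A is flagged, because only A's transfer follows the remote-access and new-payee stages.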
2. PayPal’s Missed Signals Ripple Across Europe

Last week, German banks quietly halted over €10 billion in PayPal transactions after flagging a surge of suspicious direct debits. PayPal’s usual fraud detection system either failed or was severely degraded, and banks were suddenly flooded with unvetted requests that would’ve otherwise been stopped upstream.
While PayPal called it a temporary service interruption, the real-world impact was massive, especially for banks that rely on PayPal as a trusted partner.
What’s striking is how quickly trust can erode when signal-sharing breaks down. PayPal’s backend usually filters out fraud before it ever touches a bank, but that didn’t happen here.
For fraud teams, this is a reminder that even well-established partners can be single points of failure. If you're not monitoring the behavioral quality of third-party requests or building contingencies for when a partner’s defenses falter, you’re betting your fraud posture on someone else’s uptime.
The banks caught this one, but only because they were looking. Most businesses aren’t. And when the pipes go bad, it’s your customers who pay for it.
3. A National Strategy for Fraud Prevention?

In an op-ed last week, JPMorgan’s Darius Kingsley made a case for treating online scams not just as a consumer issue, but as a national security threat.
The numbers back him up: California alone lost more than $2.5 billion to online fraud in 2024, with seniors losing $832 million of that. Kingsley oversees consumer protection and scam prevention at JPMorgan Chase, where their teams reportedly blocked more than $12 billion in fraud attempts last year. But his message wasn’t about the bank’s capabilities; it was about the limits of what any one institution can do alone.
Scammers are using AI to spoof caller IDs, hijack trusted brands, and create online storefronts that look real enough to fool anyone. They're coordinating across platforms and across jurisdictions. Banks, tech companies, telecoms, and regulators need to do the same. That’s the gap Kingsley is pushing to close.
JPMorgan is part of the Aspen Institute’s National Task Force for Fraud and Scam Prevention, which will soon release a national strategy to confront this problem systemically, but for fraud fighters the takeaway is simple: collaboration is the job. Your controls can’t scale faster than the threat if you’re working in a silo.
===
That’s all for this week! For more insights, follow us on LinkedIn or X, and if you want to learn more about what we do, visit www.specprotected.com.
Nate Kharrl, CEO and co-founder at Spec, has built leading solutions for application security and fraud challenges since the early days of the cloud era. Drawing from his cyber experience at Akamai, ThreatMetrix, and eBay, Nate helped found Spec to focus on the needs of businesses operating in a landscape of increasing AI risks. Under Nate’s leadership, Spec grew from its mid-pandemic founding to raise $30M in venture-backed funding to build solutions used by Fortune 500 companies transacting billions in online commerce. Spec’s service offerings today include protective measures for websites and APIs that specialize in defending against attacks designed to bypass bot defenses and risk assessment platforms.