The FBI on Thursday issued a warning to the public after investigating a malicious campaign targeting former senior US federal or state government officials with deepfakes.
The campaign, the agency says, relies on text messages and AI-generated voice messages impersonating senior US officials, two techniques known as smishing and vishing.
After establishing communication with the victims, threat actors send malicious links allegedly transitioning the conversation to a different messaging platform, but aimed at serving malware or harvesting credentials to gain access to the victims’ personal accounts.
“Access to personal or official accounts operated by US officials could be used to target other government officials, or their associates and contacts, by using trusted contact information they obtain. Contact information acquired through social engineering schemes could also be used to impersonate contacts to elicit information or funds,” the FBI alert reads.
“If you receive a message claiming to be from a senior US official, do not assume it is authentic,” the agency notes.
Observed smishing attacks impersonate a victim’s associate or family member, while vishing messages use AI-generated audio masquerading as well-known public figures, as well as personal relations, to convince the victim of the message’s authenticity.
To stay protected, potentially targeted individuals are advised to always verify the identity of the caller or the person sending a text or voice message, by researching the phone number, organization, or person.
They should also verify the email address, contact information, and spelling in correspondence, find small imperfections in images and videos, carefully listen to the tone and word choice to identify voice cloning, and contact the relevant authorities when in doubt about a message’s authenticity.
Furthermore, individuals should refrain from sharing sensitive information with people they have not met in person, refrain from sending money and other valuable assets to unknown persons, refrain from clicking on links or opening attachments from unverified senders, and set up multi-factor authentication for their online accounts.
“Create a secret word or phrase with your family members to verify their identities,” the FBI also recommends.
Related: FBI: Fake Ransomware Attack Claims Sent to US Executives via Snail Mail
Related: FBI: Cybercrime Losses Surpassed $16.6 Billion in 2024
Related: In Other News: Cloudflare Abuse, UK and EU Cybersecurity Reports, FBI Gen-AI Alert
Related: CISA, FBI Warn of China-Linked Ghost Ransomware Attacks