FBI Warns Of Surging Use Of Vishing

Uploaded on 2025-06-04 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Cybercriminals have been employing AI-generated voice messages to impersonate high-ranking US government officials in an ongoing effort to breach the online accounts of current and former officials, the FBI has warned.  

The FBI is issuing this announcement to warn and provide mitigation tips to the public about an ongoing malicious text and voice messaging campaign.  

“Since April 2025, malicious actors have impersonated senior US officials to target individuals, many of whom are current or former senior US federal or state government officials and their contacts. If you receive a message claiming to be from a senior US official, do not assume it is authentic,” the FBI advised.  

According to the agency, the campaign primarily targets current and former US federal or state government officials, as well as their associates. Once attackers gain access to a victim’s information, they can use it to impersonate additional officials or acquaintances, thereby expanding their reach.  

High-Profile AI Voice Scam Cases

AI-generated voice calls have been used in several high-profile attacks. In 2024, an executive at Ferrari thwarted a similar attack by questioning the impersonator about a book they had previously recommended.  

A British engineering firm, Arup, fell victim to scammers, paying out $25 million after fraudsters set up a false video call meeting to trick an employee.  Similarly, in 2019, a UK energy company suffered a loss of more than £200,000 due to AI-generated phone calls.  

How The Scam Works

 The FBI explained that these "smishing" (SMS phishing) or "vishing" (voice phishing) attacks rely on AI tools to generate realistic voices. "One way the actors gain such access is by sending targeted individuals a malicious link under the guise of transitioning to a separate messaging platform," the FBI stated.  

Once a victim’s account is compromised, it can be exploited for further attacks, making the scam increasingly dangerous.  

Avoiding AI Scams 

The FBI highlighted that scammers use software to generate phone numbers that are not attributed to a specific device.   To stay protected, individuals should:  

  • Independently verify the identity of the caller through research.  
  • Check the caller’s correct number before responding.  
  • Scrutinise messages for inconsistencies before sharing any information.  

When assessing videos or images for AI manipulation, experts recommend looking for subtle imperfections, such as distorted hands or feet, blurred facial features, incorrect shadows, unnatural speech synchronisation, and other irregular movements.  

While these measures can help identify fraudulent content, the agency warned that AI-generated material has become so advanced that it is often difficult to detect.  

FBI's Safety Recommendations  

The FBI advised individuals to create a secret word or phrase to verify identity when communicating online. Additionally, people should:  

  • Avoid clicking on unfamiliar links or email attachments.  
  • Never send money, gift cards, or cryptocurrency to someone over the Internet or phone unless the recipient’s identity has been thoroughly verified.  

For further official guidance, visit the FBI’s Internet Crime Complaint Centre: HERE.

CNBC    |    SAN  |   ITPro  |   Reuters  |   CNN 

Image: Ideogram 

You Might Also Read: 

Deepfakes Are Making Business Email Compromise Worse:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Scattered Spider Hackers Get Busy
Japan Enacts Landmark Cyber Defence Legislation »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ADF Solutions

ADF Solutions

ADF Solutions is a leading provider of digital forensic and media storage exploitation tools.

Regulus Cyber

Regulus Cyber

Regulus enables drones, robots and autonomous vehicles to operate safely, without malicious or accidental interference to the operation of their mission.

Entel CyberSecure

Entel CyberSecure

Entel CyberSecure is a portfolio of Cybersecurity solutions and services for the protection, defense, risk management and regulatory compliance of ICT Systems for corporations and Government.

Ascend Technologies

Ascend Technologies

Ascend Technologies offers a full suite of managed IT services including: Cloud & Infrastructure Management, Cybersecurity Management, Service Desk Management, Application Management , Data Management

SecureStrux

SecureStrux

SecureStrux are a cybersecurity consulting firm providing specialized services in the areas of compliance, vulnerability assessment, computer network defense, and cybersecurity strategies.

Vumetric Cybersecurity

Vumetric Cybersecurity

Vumetric is an ISO9001 certified company offering penetration testing, IT security audits and specialized cybersecurity services.

Cegeka

Cegeka

Cegeka is a family-owned IT company providing end-to-end IT solutions, services & consultancy.

BIG Cyber

BIG Cyber

BIG Cyber is a specialized Managed Security Service Provider (MSSP) dedicated to bringing military grade cyber security technology to the gaming industry.

ramsac

ramsac

ramsac provide secure, resilient IT management, cybersecurity, 24 hour support and IT strategy to businesses in London and the South East.

CommandK

CommandK

CommandK provides companies with infrastructure to protect their sensitive data. Built-in solutions to prevent data-leaks and simplify governance.

Moonsense

Moonsense

Moonsense is on a mission to level the playing field in the fight against online fraud.

Positka FSI Pte Ltd

Positka FSI Pte Ltd

Positka, being a Splunk Singapore partner, provides Splunk & Phantom Services, Cybersecurity & Risk Management, Analytics & Big Data, Lean Process Optimization, and Managed Security Services.

Hydden

Hydden

Hydden gives security teams the ability to create a solid foundation to build a truly next-gen identity security practice by bridging the gaps between siloed teams and technologies.

Efex

Efex

Efex is one of Australia’s leading Managed Technology Solutions providers. We service local companies across Australia, providing accessible, fast and straightforward IT.

Harmonia Holdings Group

Harmonia Holdings Group

Harmonia Holdings Group was born in 2006 with the vision to bring innovation and change to the federal IT sector.

BUI

BUI

BUI is a global technology consultancy and Cloud Solution Provider specialising in cloud, security, and networking solutions for mid-market and enterprise-level business across the world.