FBI Warns Of Surging Use Of Vishing

Cybercriminals have been employing AI-generated voice messages to impersonate high-ranking US government officials in an ongoing effort to breach the online accounts of current and former officials, the FBI has warned.  

The FBI is issuing this announcement to warn and provide mitigation tips to the public about an ongoing malicious text and voice messaging campaign.  

“Since April 2025, malicious actors have impersonated senior US officials to target individuals, many of whom are current or former senior US federal or state government officials and their contacts. If you receive a message claiming to be from a senior US official, do not assume it is authentic,” the FBI advised.  

According to the agency, the campaign primarily targets current and former US federal or state government officials, as well as their associates. Once attackers gain access to a victim’s information, they can use it to impersonate additional officials or acquaintances, thereby expanding their reach.  

High-Profile AI Voice Scam Cases

AI-generated voice calls have been used in several high-profile attacks. In 2024, an executive at Ferrari thwarted a similar attack by questioning the impersonator about a book they had previously recommended.  

A British engineering firm, Arup, fell victim to scammers, paying out $25 million after fraudsters set up a false video call meeting to trick an employee.  Similarly, in 2019, a UK energy company suffered a loss of more than £200,000 due to AI-generated phone calls.  

How The Scam Works

 The FBI explained that these "smishing" (SMS phishing) or "vishing" (voice phishing) attacks rely on AI tools to generate realistic voices. "One way the actors gain such access is by sending targeted individuals a malicious link under the guise of transitioning to a separate messaging platform," the FBI stated.  

Once a victim’s account is compromised, it can be exploited for further attacks, making the scam increasingly dangerous.  

Avoiding AI Scams 

The FBI highlighted that scammers use software to generate phone numbers that are not attributed to a specific device.   To stay protected, individuals should:  

  • Independently verify the identity of the caller through research.  
  • Check the caller’s correct number before responding.  
  • Scrutinise messages for inconsistencies before sharing any information.  

When assessing videos or images for AI manipulation, experts recommend looking for subtle imperfections, such as distorted hands or feet, blurred facial features, incorrect shadows, unnatural speech synchronisation, and other irregular movements.  

While these measures can help identify fraudulent content, the agency warned that AI-generated material has become so advanced that it is often difficult to detect.  

FBI's Safety Recommendations  

The FBI advised individuals to create a secret word or phrase to verify identity when communicating online. Additionally, people should:  

  • Avoid clicking on unfamiliar links or email attachments.  
  • Never send money, gift cards, or cryptocurrency to someone over the Internet or phone unless the recipient’s identity has been thoroughly verified.  

For further official guidance, visit the FBI’s Internet Crime Complaint Centre: HERE.

CNBC    |    SAN  |   ITPro  |   Reuters  |   CNN 

Image: Ideogram 

You Might Also Read: 

Deepfakes Are Making Business Email Compromise Worse:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Understanding Identity & Access Management
IAM Failures: Lessons From 2025’s Biggest Breaches »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Centre for Secure Information Technologies (CSIT)

Centre for Secure Information Technologies (CSIT)

CSIT is a UK Innovation and Knowledge Centre (IKC) for secure information technologies. Our vision is to be a global innovation hub for cyber security.

DefenseStorm

DefenseStorm

DefenseStorm is a Security Data Platform that watches everything on your network and matches it to your policies, providing cybersecurity management that is safe, compliant and cost effective.

Telecommunications Industry Association (TIA)

Telecommunications Industry Association (TIA)

TIA works to secure trust in networks by advocating public policy positions on the security of ICT equipment and services related to critical infrastructure, supply chain and information sharing.

CipherMail

CipherMail

CipherMail provides email security products which allow organizations world wide to automatically protect their email against unauthorized access both in transit and at rest.

AKS IT Services

AKS IT Services

AKS IT Services (an ISO 9001:2015 and ISO 27001:2013 certified company) is a leading IT Security Services and Solutions provider.

Echosec Systems

Echosec Systems

Echosec Systems is a data discovery company delivering social media and dark web threat intelligence. Our web based security software delivers critical information for situational awareness.

Genius Guard

Genius Guard

Genius Guard specializes in DDoS Protection, DDoS Protected Webhosting, HYIP Hosting, Bitcoin Hosting, Cryptocurrency Hosting.

Beauceron Security

Beauceron Security

Beauceron's cloud-based platform gives employees a powerful personal cyber-risk coach empowering them to improve their cybersecurity practices and behaviours.

UTMStack

UTMStack

UTMStack is a Unified Security Management system that includes SIEM, Vulnerability Management, Network and Host IDS/IPS, Asset Discovery, Endpoint Protection and Incident Response.

Match Systems

Match Systems

Match Systems provides blockchain investigations, KYC, KYT, AML, Due Diligence and compliance services.

Purple Team

Purple Team

Purple Team is an expert cybersecurity and managed security service provider focused on arming your IT infrastructure with both red team and blue team services.

Sycope

Sycope

Sycope is focused on designing and developing highly specialised IT solutions for monitoring and improving network and application performance.

Sayers

Sayers

Sayers is best known for its ability to solve business challenges with IT solutions. Our areas of expertise include cloud, storage, virtualization, security, mobility and networking.

Skillfield

Skillfield

Skillfield is a Melbourne based Cyber Security and Data Services consultancy and professional services company.

Cyberleaf

Cyberleaf

Cyberleaf is simplified managed cybersecurity for MSPs, enabling top tier cyber protection for small and medium enterprise.

Blue Mantis

Blue Mantis

Blue Mantis is a security-first, IT solutions and services provider with a 30+ year history of successfully helping clients achieve business modernization.