FBI Warns Of Surging Use Of Vishing

Uploaded on 2025-06-04 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW

Cybercriminals have been employing AI-generated voice messages to impersonate high-ranking US government officials in an ongoing effort to breach the online accounts of current and former officials, the FBI has warned.  

The FBI is issuing this announcement to warn and provide mitigation tips to the public about an ongoing malicious text and voice messaging campaign.  

“Since April 2025, malicious actors have impersonated senior US officials to target individuals, many of whom are current or former senior US federal or state government officials and their contacts. If you receive a message claiming to be from a senior US official, do not assume it is authentic,” the FBI advised.  

According to the agency, the campaign primarily targets current and former US federal or state government officials, as well as their associates. Once attackers gain access to a victim’s information, they can use it to impersonate additional officials or acquaintances, thereby expanding their reach.  

High-Profile AI Voice Scam Cases

AI-generated voice calls have been used in several high-profile attacks. In 2024, an executive at Ferrari thwarted a similar attack by questioning the impersonator about a book they had previously recommended.  

A British engineering firm, Arup, fell victim to scammers, paying out $25 million after fraudsters set up a false video call meeting to trick an employee.  Similarly, in 2019, a UK energy company suffered a loss of more than £200,000 due to AI-generated phone calls.  

How The Scam Works

 The FBI explained that these "smishing" (SMS phishing) or "vishing" (voice phishing) attacks rely on AI tools to generate realistic voices. "One way the actors gain such access is by sending targeted individuals a malicious link under the guise of transitioning to a separate messaging platform," the FBI stated.  

Once a victim’s account is compromised, it can be exploited for further attacks, making the scam increasingly dangerous.  

Avoiding AI Scams 

The FBI highlighted that scammers use software to generate phone numbers that are not attributed to a specific device.   To stay protected, individuals should:  

  • Independently verify the identity of the caller through research.  
  • Check the caller’s correct number before responding.  
  • Scrutinise messages for inconsistencies before sharing any information.  

When assessing videos or images for AI manipulation, experts recommend looking for subtle imperfections, such as distorted hands or feet, blurred facial features, incorrect shadows, unnatural speech synchronisation, and other irregular movements.  

While these measures can help identify fraudulent content, the agency warned that AI-generated material has become so advanced that it is often difficult to detect.  

FBI's Safety Recommendations  

The FBI advised individuals to create a secret word or phrase to verify identity when communicating online. Additionally, people should:  

  • Avoid clicking on unfamiliar links or email attachments.  
  • Never send money, gift cards, or cryptocurrency to someone over the Internet or phone unless the recipient’s identity has been thoroughly verified.  

For further official guidance, visit the FBI’s Internet Crime Complaint Centre: HERE.

CNBC    |    SAN  |   ITPro  |   Reuters  |   CNN 

Image: Ideogram 

You Might Also Read: 

Deepfakes Are Making Business Email Compromise Worse:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Scattered Spider Hackers Get Busy
Japan Enacts Landmark Cyber Defence Legislation »

Infosecurity Europe
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Senetas

Senetas

Senetas is a leading developer and manufacturer of certified high-assurance encryption solutions, dedicated to protecting network transmitted data without compromising performance.

Ethio-CERT

Ethio-CERT

National Cyber Emergency Readiness and Response Team of Ethiopia.

Samsung Knox

Samsung Knox

Samsung Knox brings multi-layered defence-grade security to your business’s smartphones and tablets.

HSB

HSB

HSB offers insurance for equipment breakdown, cyber risk, data breach, identity recovery & employment practices liability.

Billington CyberSecurity

Billington CyberSecurity

Billington CyberSecurity is a leading, independent education company with an exclusive focus on cybersecurity.

Cypherix

Cypherix

Cypherix is tightly focused on cryptography and data security. We leverage our expertise to deliver state-of-the-art, world-class encryption software packages.

Networks Unlimited

Networks Unlimited

Networks Unlimited is a leading value-added distributor in Africa, providing technology solutions with a focus on security, networking, enterprise systems management and cloud technologies.

Inveteck Global

Inveteck Global

Inveteck Global is a Ghana-based cyber security firm providing strategic guidance and technical solutions to all our clients to best serve their individual needs.

MAXXeGUARD Data Safety

MAXXeGUARD Data Safety

MAXXeGUARD: The High Security Shredder. MAXXeGUARD easily destroys hard disks up to the highest security levels as well as other digital data carriers like SSD’s, LTO’s, USB’s, CD’s etc.

Cloud4C

Cloud4C

Cloud4C is a leading automation-driven, application focused cloud Managed Services Provider.

NetCentrics

NetCentrics

NetCentrics leverages an innovative, agile, ‘what’s-next’ approach to our customers’ IT and cyber challenges.

Roberts & Obradovic Law

Roberts & Obradovic Law

Roberts & Obradovic Law Group is a corporate, privacy, employment and litigation law firm.

Yokai

Yokai

Yokai is a secure, distributed platform for data communication with enhanced security features tailored for classified environments such as finance, defence, healthcare, cybersecurity, and more.

Cyro Cyber

Cyro Cyber

Cyro Cyber is a collective of some of the UK’s most experienced and savvy cybersecurity, information assurance, data protection, IT governance and compliance experts.

Universal Technical Resource Services (UTRS)

Universal Technical Resource Services (UTRS)

UTRS is a technology firm that delivers a wide range of engineering, technical, strategic, and digital services to the public and private sectors.

SignPath

SignPath

SignPath provides leading-edge software and SaaS services that ensure code integrity from development to distribution.