182/68 Tuesday, May 20, 2025
The U.S. Federal Bureau of Investigation (FBI) has issued a warning about a cyberattack campaign involving smishing (SMS phishing) and AI-generated deepfake voice messages (vishing) aimed at current and former federal and state government officials. Threat actors are impersonating high-ranking U.S. officials—such as cabinet secretaries or agency directors—to trick victims into clicking malicious links or transitioning to alternative messaging apps. This tactic enables attackers to gain access to the victims’ personal accounts and subsequently impersonate them to target close contacts or other officials.
The campaign was first observed in April 2025 and uses social engineering techniques to harvest contact information from victims. The attackers then use that data to request sensitive information or money from other individuals. According to the FBI, these messages often include fake invitations to join new chat applications, accompanied by AI-generated voice messages to enhance credibility. Once an account is compromised, it may be used to impersonate the victim and target others in the victim’s professional network—such as collaborators or senior government officials.
The FBI advises both the public and government agencies to be vigilant against deepfake and AI-based impersonation threats. Officials should verify identities through trusted channels, avoid clicking links or downloading files from unknown sources, and never share sensitive information—such as OTP codes or payment details—without verifying the request. Individuals are also encouraged to use code words for identity verification and enable two-factor authentication (2FA) on their accounts to strengthen security.
