Government impostors posing as officials in a fresh vishing scam are being warned against by the FBI. Here's how to ensure your security.
The Federal Bureau of Investigation (FBI) has issued a warning for senior U.S. government officials about an ongoing malicious messaging campaign that aims to steal credentials or personal information through SMS text messages (smishing) or voice calls (vishing). These scams often impersonate officials or trusted contacts to exploit trust.
To help protect against these threats, the FBI offers the following recommendations:
- Enable passkeys and multi-factor authentication (MFA) on all accounts that permit it. This adds a security layer beyond passwords, making unauthorized access more difficult.
- Never share two-factor or multi-factor authentication codes with anyone via email, SMS/text, or encrypted messaging platforms. Scammers often try to extract these codes to bypass account security.
- Use a secret family password or code word shared among trusted contacts to verify identities during suspicious communications. This can help confirm requests are legitimate before responding or sharing information.
- Be alert for suspicious emails, texts, or calls asking for personal or account information, especially those involving urgent requests, malicious links, or instructions to not discuss the matter with others.
- Verify contact information independently by checking official government or company websites rather than relying on caller ID, message headings, or links that may be spoofed.
- End communication immediately if a scam is suspected instead of engaging further, reducing risk of manipulation or further exposure.
- Recognize that scammers may use AI-generated voice messages or real voices of trusted individuals to gain confidence (vishing).
- For scams involving government impersonation with sophisticated narratives (e.g., "Gold Bar" scam), be wary of offers to "protect" your assets by transferring funds or purchasing precious metals instructed by supposed officials, and report suspicious activity to the FBI or IC3.gov promptly.
These precautions are especially important for senior officials who are specifically targeted because of their access and influence. The FBI continues to monitor these threats and provides updated guidance through their Internet Crime Complaint Center (IC3) and official alerts.
Some key points to remember include:
- The campaign involves both smishing (SMS phishing messages) and vishing (AI-generated or scammer-voiced phone calls).
- The information gained can be used to impersonate the victims themselves and steal from their contacts.
- Never click on links, attachments, or QR codes in emails or text messages that are unexpected or from unknown senders.
- The attacks often provide a secondary link to a malicious website or a phone number to trick the target into revealing personal information.
- These messages use a spear phishing style to target specific individuals or groups.
- Never provide your two-factor or multi-factor authentication codes to anyone else over email, SMS/text message, or encrypted messaging platforms.
- Verify the originating number of phone calls and messages to ensure the identity of the caller.
- Look up the spelling of email addresses and check for inaccuracies in the contact information in the message body.
If you suspect a scam, reach out to the FBI and relevant officials at IC3.gov. Stay vigilant and follow these best practices to protect yourself from these targeted attacks.
- To bolster cybersecurity measures in the face of smishing and vishing threats, it's crucial for senior U.S. government officials to apply multi-factor authentication (MFA) and enable passkeys, as these anti-phishing tactics can help secure accounts against unauthorized access.
- When navigating general-news or crime-and-justice headlines, it's imperative to stay vigilant against sophisticated scams that use AI-generated voice messages or manipulate the voices of trusted individuals to gain victim's confidence, as these events should be promptly reported to the FBI or IC3.gov.
