Criminals contact a target by impersonating a U.S. official and briefly engage in conversation on a topic the target is well-versed in.
Malicious actors are impersonating government officials to secure sensitive information and steal funds, the FBI said in an alert on Dec. 19.
“Activity dating back to 2023 reveals malicious actors have impersonated senior U.S. state government, White House, and Cabinet-level officials, as well as members of Congress to target individuals, including officials’ family members and personal acquaintances,” the alert said.
“If you receive a message claiming to be from a current or former senior U.S. official, do not assume it is authentic.”
The threat actors have sent text messages and artificial intelligence-generated voice messages as part of their impersonation campaigns.
In the scheme, criminals contact a target by impersonating a U.S. official and briefly engage in conversation on a topic the target is well-versed in, the agency said. They then request that the communication be taken to an encrypted mobile messaging application. In most cases, the initial contact is made via SMS, and the conversation is then moved to an app such as Telegram, WhatsApp, or Signal.
Once this communication channel is set up, they inquire about events such as bilateral relations, current affairs, and trade and security policy negotiations, according to the FBI.
The malicious actor then suggests setting up a meeting between the target and the U.S. president or other high-ranking officials. They also lie that the target is being considered for nomination to the board of directors of a company.
According to the FBI, targets have been asked to take certain actions, including providing an authentication code allowing the fraudsters to sync their device with the contact list on the target’s phone, supplying personally identifiable information and copies of personal documents, and wiring funds to a financial institution located abroad under false pretenses.
The Dec. 19 alert is an update to an earlier alert issued by the FBI on May 15, which warned that once a target is lured into a messaging platform, he or she may be presented with malware or hyperlinks designed to steal log-in information, such as user names and passwords.
The malicious actors may use voice phishing tactics, which involve audio generated by artificial intelligence to impersonate public figures or personal relations to boost the believability of the scheme.
In the latest alert, the FBI issued guidance to help identify suspicious messages. It advised people to verify the identity of the person contacting them and to listen closely to the tone and word choice during a call or voice message to assess whether it is AI-generated.
It asked people to refrain from sharing sensitive information with those they have only met online or by phone and to not send money or assets to such individuals.
