FBI Warns of New AI-Powered Spear Phishing Attacks Targeting Former US Officials

The FBI has issued a warning about a new cybercrime campaign using AI-generated voice and text messages to trick former US government officials. This attack uses two main tactics called vishing (voice phishing) and smishing (SMS phishing) to steal personal information and money.

The campaign was first spotted in April and specifically targets former senior US federal and state officials, as well as their contacts. Cybercriminals try to gain access to victims' email and phone accounts by sending fake messages that appear to come from trusted US officials.

In these attacks, criminals gather personal details about their targets online to create convincing and personalized messages. The FBI advises caution: if you get a call or text claiming to be from a senior US official, don’t trust it without verification.

Max Gannon, Intelligence Manager at Cofense, explained that these scams are becoming harder to spot because AI technology makes voice calls and texts sound very real. “Threat actors are increasingly using AI to make phishing attacks nearly indistinguishable from real communication,” he said.

This new wave of attacks includes fake voicemails made with AI voice cloning tools and text messages pretending to be from US officials. Cybercriminals also use phone spoofing, which shows fake phone numbers that look trustworthy but are actually from unknown sources.

Gannon warned that phone systems often cannot detect spoofed numbers, which gives people a false sense of security when answering calls.

The FBI also noted that attackers send victims malicious links, pretending they need to switch to a different messaging app. Once clicked, these links give hackers access to private accounts. This access then helps criminals launch more attacks on other officials and their contacts.

While many people know about email phishing, experts say vishing is just as dangerous and often goes unnoticed. As phone communication becomes more important, it is critical to stay alert to these scams to protect your information.

Tips to Stay Safe:

• Verify unexpected calls or texts from officials by contacting them through official channels.

• Avoid clicking on links or downloading attachments from unknown messages.

• Be suspicious of urgent requests for money or personal details.

• Use security features like two-factor authentication on your accounts.