The FBI warned that cybercriminals utilizing AI-generated audio deepfakes to focus on U.S. officers in voice phishing assaults that began in April.
This warning is a part of a public service announcement issued on Thursday that additionally supplies mitigation measures to assist the general public spot and block assaults utilizing audio deepfakes (also referred to as voice deepfakes).
“Since April 2025, malicious actors have impersonated senior US officers to focus on people, lots of whom are present or former senior US federal or state authorities officers and their contacts. For those who obtain a message claiming to be from a senior US official, don’t assume it’s genuine,” the FBI warned.
“The malicious actors have despatched textual content messages and AI-generated voice messages — strategies generally known as smishing and vishing, respectively — that declare to return from a senior US official in an effort to ascertain rapport earlier than getting access to private accounts.”
The attackers can acquire entry to the accounts of U.S. officers by sending malicious hyperlinks disguised as hyperlinks designed to maneuver the dialogue to a different messaging platform.
By compromising their accounts, the menace actors can acquire entry to different authorities officers’ contact data. Subsequent, they’ll use social engineering to impersonate the compromised U.S. officers to steal additional delicate data and trick focused contacts into transferring funds.
Right now’s PSA follows a March 2021 FBI Personal Business Notification (PIN) [PDF] warning that deepfakes (together with AI-generated or manipulated audio, textual content, photos, or video) would doubtless be extensively employed in “cyber and overseas affect operations” after turning into more and more subtle.
One yr later, Europol cautioned that deepfakes may quickly turn into a software that cybercriminal teams might routinely use in CEO fraud, non-consensual pornography creation, and proof tampering.
The U.S. Division of Well being and Human Providers (HHS) additionally warned in April 2024 that cybercriminals have been concentrating on IT assist desks in social engineering assaults utilizing AI voice cloning to deceive targets.
Later that month, LastPass revealed that unknown attackers used deepfake audio to impersonate Karim Toubba, the corporate’s Chief Govt Officer, in a voice phishing assault concentrating on one in all its workers.
Primarily based on an evaluation of 14M malicious actions, uncover the highest 10 MITRE ATT&CK strategies behind 93% of assaults and how one can defend in opposition to them.
