FBI Director Kash Patel is warning government employees, along with family members and associates of top government administrators, that a scamming effort to gain access to federal computer networks first noted in May has not diminished.
Along with the ongoing warning about the malicious actors, Patel’s notice also indicates that the FBI has not been able to corral all the perpetrators.
Patel shared a department post on his X social media account: “Malicious actors are impersonating senior U.S. officials via text and AI-generated voice messages and targeting their contacts, including family members.”
“In this scheme actors reach out to victims and engage them in a brief conversation on a topic they are knowledgeable about.”
Then, agents wrote, the trap is sprung. “They quickly request to move the discussion to a secondary, encrypted messaging app.”
The approach typically involves moving to a platform that is embedded with malware to steal data from the victim’s phone or computer. Another approach is to get the victim to use a link that leads to a platform or website embedded with malicious code.
The malware being deployed by the thieves can steal the victim’s login information. Depending on the system security used by the victim, significantly more information can be stolen and later used by the criminals.
That can include the scammers gaining access to sensitive government information, which could be used criminally in a variety of ways.
A new FBI release to government employees said some of the initial approaches often involve proposing the scheduling of a “meeting between the victim and the president of the United States or other high-ranking officials,” or claiming the target “is being considered for a nomination to a company’s board of directors.”
The bureau also offered more context on the overall approach often used to gain credibility and then access. “Smishing is the malicious targeting of individuals using Short Message Service (SMS) or Multimedia Message Service (MMS) text messaging.”
It continues, “Vishing, which may incorporate AI-generated voices, is the malicious targeting of individuals using voice memos. Both smishing and vishing use tactics like spear phishing, which uses email to target specific individuals or groups.”
The bureau suggested the easiest way to stay safe. “If contacted by someone you know via a new platform or phone number, verify the new contact information through a previously confirmed platform or trusted source.”
