The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert about a recent impersonation scam in which scammers posed as its representatives and employees. Fraudsters in the campaign may extort money in various ways, such as bank transfers, gift cards or cryptocurrency payments.
CISA Impersonation Scam
The spammers behind the campaign make phone calls to victims in which they claim to be contacting targets on behalf of CISA; they then ask victims to share personal information or money under the guise of protecting their accounts from unauthorized activity. Fraudsters may also direct victims to download additional software or click on links to “verify” their identity. However, CISA confirmed that it would never make such demands.
“CISA staff will never contact you with a request to wire money, cash, cryptocurrency, or use gift cards and will never instruct you to keep the discussion secret,” CISA warned.
Possible red flags to watch out for:
- Unsolicited phone calls that claim to be from CISA.
- Callers requesting personal information, such as passwords, social security numbers, or financial information.
- Callers demanding payment or transfer of money to “protect” your account.
- Callers creating a sense of urgency or pressuring you to take immediate action.
If you’re targeted by a CISA impersonation scam, here’s what you should do:
- Do not pay the caller.
- Take record of the numbers used.
- Hang up the phone immediately while ignoring further calls from suspicious numbers.
- Report the scam to CISA by calling (844) SAY-CISA (844-729-2472).
FTC Observes Uptick in Impersonation Scams
The CISA impersonation scam is a recent example of the rise in impersonation fraud targeting both businesses and government agencies. According to the latest data from the Federal Trade Commission (FTC), the number of such scams has increased dramatically in recent years, and cost consumers more than $1.1 billion in 2023 alone.
The FTC report showed that in 2023, the agency received more than 330,000 reports of fraud posing as a business and almost 160,000 reports of fraud posing as a government. Collectively, these incidents account for almost half of all fraud cases reported directly to the FTC.
“The financial injury is breath-taking – and cash-taking,” the FTC quipped in its Spotlight. It further added, “Reported losses to impersonation scams topped $1.1 billion in 2023, more than three times what consumers reported in 2020.”
While fraudsters employ various types of scams, the FTC noted that the below types accounted for nearly half of the reported/observed scams in 2023:
- Copycat account security alerts: Scams that pretend to impersonate legitimate services such as Amazon while purporting to be about unauthorized activity or charges to their account.
- Phony subscription renewals: Usually email notices that alert targets of auto-renew charges to various online services.
- Fake giveaways, discounts, or money to claim: Fake rewards or winnings that claim to originate from legitimate providers such as internet providers or large retailers.
- Bogus problems with the law: Scammers try to deceive targets into believing that their identity had been used to commit heinous crimes such as money laundering or the smuggling of drugs.
- Made-up package delivery problems: Messages that alert you of fake delivery problems with legitimate delivery services such as the U.S. Postal Service, UPS, or FedEx.
To avoid such scams, the FTC has advised consumers to not click on unexpected links or messages, avoid scenarios where gift cards are offered as an option to fix problems, and scrutinize urgent offers and claims.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
