FBI Warns of AI Voice Scam: Smishing & Vishing Campaign Targets US Officials

The Federal Bureau of Investigation (FBI) has released a public service announcement to warn individuals about a growing cyber threat involving text and voice messaging scams.

Since April 2025, malicious actors have been impersonating senior U.S. government officials to target individuals, especially current or former senior federal and state officials, as well as their contacts.

The FBI is urging the public to remain vigilant and take steps to protect themselves from these schemes.

So let’s understand what exactly is happening?

The FBI has disclosed a coordinated campaign involving smishing and vishing—two cyber techniques used to deceive people into revealing sensitive information or giving unauthorized access to their personal accounts.

• Smishing involves sending malicious text messages (via SMS or MMS) to lure recipients into clicking a fraudulent link or engaging in conversation.

• Vishing involves malicious voice messages, often enhanced with AI-generated audio, designed to sound like trusted figures, including high-ranking officials.

These scams are aimed at building trust with the victims before tricking them into revealing personal data or granting access to sensitive accounts. Once access is gained, the attackers can impersonate the victim to deceive others in their network.

Who Is Being Targeted?

While the primary targets have been senior U.S. government officials, either currently in office or retired, their personal and professional contacts are also at risk. Attackers may use the trust and familiarity associated with known contacts to infiltrate broader networks.

The goal is often to harvest personal information, obtain login credentials, or request money or sensitive data under false pretenses. In many cases, the attackers initiate contact under the guise of switching to another messaging platform, where they send malicious links or malware.

Why It’s Dangerous

This campaign is dangerous because:

• AI-generated voices make it difficult to distinguish between real and fake calls or voicemails.

• Attackers use publicly available data, such as photos and job titles, to make their messages more convincing.

• These tactics exploit human trust, making even tech-savvy individuals vulnerable.

The FBI warns that the stolen credentials or information may be used to impersonate more officials, spread disinformation, or commit financial fraud.

FBI Shares Common Signs of a Fake Message

The FBI has shared several tips to help the public identify fake messages or voice calls:

1. Verify the Sender: Do not trust a message or voice note just because it sounds official. Always look up the contact details from a known and trusted source, and verify the identity through a separate channel.

2. Examine Details Closely: Look at the phone numbers, URLs, spelling, and message format. Scammers often change a single letter or number to make a message look legitimate.

3. Check for AI Artifacts: In voice or video messages, watch for subtle flaws like distorted features, weird shadows, unusual voice lag, or strange speech patterns. These could be signs of AI-generated content.

4. Listen for Tone and Language: Even if the voice sounds familiar, pay attention to word choice or phrases that seem out of character. AI-generated voices might mimic tone but often fail to capture personality or speech quirks accurately.

5. When in Doubt, Reach Out: If something feels suspicious, contact your organization’s security team or the FBI for verification before taking any action.

So, How to Protect Yourself

Here are practical steps recommended by the FBI to help prevent falling victim to these scams:

• Don’t Share Sensitive Info: Never share personal, financial, or contact information with someone you’ve only interacted with online or via phone.

• Verify New Contact Information: If someone you know reaches out using a new number or platform, confirm their identity through an existing channel before proceeding.

• Don’t Send Money to Unknown Contacts: Whether it’s a request for money, cryptocurrency, or gift cards, always double-check and confirm the legitimacy of such requests through independent means.

• Avoid Clicking Suspicious Links: Don’t click on any links or download attachments unless you’re absolutely sure of the sender’s identity.

• Use Two-Factor Authentication: Enable two-factor or multi-factor authentication wherever possible. It adds an extra layer of protection to your accounts. However, never share your two-factor authentication codes with anyone, even if they claim to be from your bank or a government agency.

• Set Up a Family Verification Phrase: Create a shared secret word or phrase with family members or close contacts. This can help verify identities in emergency situations.

• Be Careful What You Download: Only download apps or files from trusted sources. Never install anything based on unsolicited requests.

Why It Matters

Cyber threats continue to evolve, and this latest campaign demonstrates how sophisticated these schemes have become, especially with the use of AI voice cloning and realistic impersonations. The trust people place in familiar names or voices is being manipulated by malicious actors for gain.

This type of cyberattack doesn’t just threaten individuals—it can compromise national security if sensitive government data or communications are accessed or manipulated.

What To Do If You’re Targeted

If you believe you’ve been contacted as part of this campaign, or if you’ve already shared sensitive information, take immediate action:

1. Stop communication with the suspected scammer.

2. Report the incident to your organization’s security team or directly to the FBI via its Internet Crime Complaint Center (IC3) at www.ic3.gov.

3. Change your passwords, enable multi-factor authentication, and monitor your accounts for suspicious activity.

4. Warn your contacts if you suspect your account may have been compromised.

Conclusion