Deepfake Infiltration of US Officials Through SMS and Voice Manipulations
Since at least April 2025, a series of sophisticated phishing schemes have been active, targeting US officials and their contacts. These schemes, which have been the subject of an FBI advisory issued on May 15, 2025, involve the use of artificial intelligence (AI) to impersonate senior US officials and carry out social engineering campaigns.
The perpetrators behind these AI-driven phishing attacks trick victims into clicking on malicious links, supposedly to switch to a different messaging platform. Once the victims fall for the trap, the malicious actors can gain unauthorized access to personal or official accounts.
To protect oneself, it is crucial to exercise caution when clicking on links in emails or text messages. Always verify the identity of the person contacting you by researching their number and independently confirming their authenticity. You can also create a secret word or phrase with family members to verify their identities.
Another important step is to set up two-factor authentication and never disclose the code to anyone. Be cautious when downloading attachments or applications, as they may contain malware. Carefully examine email addresses, phone numbers, URLs, and spelling used in correspondence for slight differences.
Never share sensitive information or contact details with people you have met online or over the phone. The acquired contact information can be used to impersonate trusted contacts, allowing the malicious actors to target other government officials.
Once they gain access, the malicious actors can use the trusted contact information obtained to target other government officials. To prevent this, it is essential to be vigilant and verify the identity of everyone you communicate with, especially those claiming to be senior US officials.
The FBI has issued guidance on protecting oneself from AI-powered social engineering campaigns. They advise individuals to look for imperfections in images and videos, and be cautious of AI-generated content.
While the perpetrators behind these AI-driven phishing schemes have not been explicitly identified in publicly available reports, similar advanced cybercriminal groups such as the ransomware-as-a-service group "Embargo," linked to the notorious BlackCat group and known for using AI/ML to scale attacks and craft convincing phishing lures, exemplify the type of actors likely involved in such sophisticated campaigns.
In conclusion, it is essential to remain vigilant and exercise caution when communicating online, especially with individuals claiming to be senior US officials. Always verify the identity of the person contacting you, be cautious when clicking on links, and never share sensitive information or contact details with people you have met online or over the phone. By following these guidelines, you can help protect yourself from AI-powered phishing schemes.
