Pierluigi Paganini May 17, 2025

FBI warns ex-officials are targeted with deepfake texts and AI voice messages impersonating senior U.S. officials.

The FBI warns that ex-government officials are being targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials.

The FBI warns of a campaign using smishing and vishing with deepfake texts and AI voice messages impersonating senior U.S. officials to current or former senior US federal or state government officials and their contacts

Since April 2025, threat actors have been using texts and AI voice messages impersonating senior U.S. officials to build trust and access personal accounts.

Threat actors send malicious links posing as messaging platform invites to access officials’ accounts, then exploit contacts to impersonate and extract data or funds.

“One way the actors gain such access is by sending targeted individuals a malicious link under the guise of transitioning to a separate messaging platform. Access to personal or official accounts operated by US officials could be used to target other government officials, or their associates and contacts, by using trusted contact information they obtain.” reads the alert issued by the FBI. “Contact information acquired through social engineering schemes could also be used to impersonate contacts to elicit information or funds.”

To avoid falling for AI-powered scams, the feds warn of verifying callers’ identities using known contact info, checking for slight errors in names, messages, and visuals, and looking for flaws in AI-generated content like unnatural speech or visuals. Be cautious of realistic fakes using public photos or voice cloning. Always confirm authenticity before responding, and contact security officials or the FBI if uncertain.

To avoid fraud or data loss, never share sensitive info with unknown contacts. Verify identity through trusted channels, especially on new platforms. Don’t send money or crypto without confirming requests. Avoid clicking links or downloading files from unverified sources. Enable and protect two-factor authentication and never share OTP codes. Use a secret word with family to confirm identities and stay secure.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, deepfake)