Impersonation of U.S. Officials via SMS and Voice Deepfakes

Malicious actors are increasingly using advanced AI technologies to impersonate senior US officials in sophisticated SMS and voice phishing schemes, also known as smishing and vishing, respectively. These tactics have targeted current and former federal and state government officials and their contacts since at least April 2025, as highlighted in an FBI advisory issued on May 15, 2025.

The objective of these fraudulent operations is to gain unauthorized access to personal or official accounts. Attackers send deceptive text messages and AI-generated voice recordings that compel the victims to click on malicious links, purportedly to facilitate a switch to a different messaging platform. Once access is gained, cybercriminals can exploit the trusted contact information they obtain to further target other government officials and their associates, often leading to the extraction of sensitive information or financial resources.

In light of these threats, the FBI has issued guidance aimed at helping individuals protect themselves from these evolving AI-powered phishing campaigns. The following precautions are recommended:

– Verify the identity of the contact by independently researching their phone number or email.
– Carefully scrutinize email addresses, phone numbers, URLs, and spelling in communications for subtle discrepancies.
– Be alert to imperfections in images or videos and exercise caution with AI-generated content.
– Refrain from sharing sensitive information or contact details with individuals met online or over the phone.
– Avoid transferring money or assets to unverified individuals.
– Do not click on links in emails or messages until the sender’s identity has been confirmed.
– Exercise caution when downloading attachments or applications.
– Implement two-factor authentication and keep authentication codes confidential.
– Establish a secret word or phrase with family members to verify their identity during communications.

As cyber threats continue to evolve in sophistication, adherence to these best practices is critical for safeguarding personal and professional information.