Senior U.S. officials are being impersonated in a malicious messaging campaign according to an announcement issued by the FBI.
The law enforcement agency has warned the public and issued tips on its Internet Crime Complaint Center site to detail how threat actors have been targeting citizens – largely current or former senior U.S. federal or state government officials and their contacts – since April 2025 over text and voice messages in an attempt to steal credentials or personal information.
The hackers have been sending both smishing and vishing messages; smishing being SMS or text message phishing messages, while vishing, usually refers to AI-generated voice messages used in phone calls, though scammers may also use their real voices in these attacks.
Both methods use a spear phishing style of attack to target specific individuals or groups and this is a long-standing tactics used by cybercriminals. The attacks will often involve providing victims with a secondary link to a malicious website to steal usernames and passwords, or a phone number to trick the target into speaking with someone that is supposed to be trustworthy (a friend, coworker or even public figure). This person will often request personal information, or send a malicious link to a separate messaging platform.
Once the contact has clicked through to the malicious website, access to their personal or official accounts could be compromised and used to target other government officials, or their personal contacts. The information gained through these social engineering attacks can also be used to impersonate the victims themselves in order to steal from their contacts.
How to stay safe
The FBI has provided several recommendations on how to avoid this and other similar scams which start with how to spot a fake message.
When it comes to videos, look for imperfections in facial features, indistinct faces or distorted hands or feet or strange accessory details in glasses or jewelry. Additionally check the shadows and look for unnatural movements. As for phone calls, listen for voice call lag time, voice matching, and tone and word choice to see if they sound like the people you know.
When it comes to who is calling, texting or sending you a message, make sure that you're verifying their identity by looking up the originating number of phone calls and messages, or independently trying to find the phone numbers of the people or organizations who are calling. Likewise, if someone is emailing, you should be checking the spelling of their email address and looking at the contact information in the message body for inaccuracies as well as verifying the contact information there.
To avoid any potential fallout from these sorts of scams, don't share sensitive information or an associate's or coworker's contact information with people you've only met online or over the phone. You can verify new contact information through a previously confirmed platform or through another trusted source.
Never click on links, attachments or QR codes in emails or text messages if they're unexpected or if you don't know the sender. You can contact the sender directly through an alternate method to double check that they've sent the link before you click through. The same goes for file and app downloads.
To stay safe, set up passkeys and two-factor or multi-factor authentication on all the accounts that permit it. The FBI's also recommends that you should never provide your two-factor or multi-factor authentication codes to anyone else over email, SMS/text message or encrypted messaging platforms.
Lastly, the FBI says you should create a secret family password so that you can verify each other's identities when necessary. If you suspect something, you can always reach the FBI and relevant officials for help at IC3.gov.
More from Tom's Guide
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
