The FBI has issued a new warning about cybercriminals using AI-generated audio deepfakes in phishing attacks since April 2025. These malicious campaigns impersonate senior U.S. government officials to deceive individuals, many of whom are current or former high-level federal or state employees. Victims are contacted through text messages and AI-generated voice calls, using smishing and vishing techniques to build a false sense of legitimacy. The attackers often claim to be officials and attempt to establish trust with the targets before leading them into further communication.
Once rapport is established, the attackers send malicious links that appear to lead to legitimate messaging platforms.
These links are designed to compromise the target’s personal accounts and gain access to contact lists and sensitive information. With these compromised accounts, the attackers can continue the deception by impersonating the original victim. This allows them to reach out to other officials or associates with credible messages, sometimes aimed at stealing confidential data or convincing targets to transfer funds.
This method of social engineering amplifies the reach and success of the original attack, creating a ripple effect across various government and organizational networks. The impersonated communications are convincing enough that recipients may not suspect fraud until damage has already occurred. The FBI urges the public to be cautious and not to assume any message from a high-level official is authentic without proper verification.
The agency’s announcement includes suggested mitigation steps to help users identify voice deepfakes and protect themselves.
The warning echoes previous alerts from international cybersecurity bodies over the growing use of deepfakes in fraud. In 2021, the FBI noted that deepfakes could be widely employed in cybercrime and influence operations. Europol warned the following year about deepfakes being used in CEO fraud, evidence tampering, and other illicit activities. More recently, the U.S. Department of Health and Human Services highlighted AI voice cloning threats to IT help desks. LastPass also confirmed an incident involving deepfake audio impersonating its CEO in a phishing attempt.
Reference:
