CISA Warns Phone Scammers Are Impersonating its Staff

A leading US security agency has warned people not to fall for a new phone-based impersonation fraud campaign, in which scammers masquerade as its own employees.

The Cybersecurity and Infrastructure Security Agency (CISA) said in a brief alert yesterday that such scams often use the names and titles of government employees.

“The Cybersecurity and Infrastructure Security Agency (CISA) is aware of recent impersonation scammers claiming to represent the agency,” it continued. “As a reminder, CISA staff will never contact you with a request to wire money, cash, cryptocurrency, or use gift cards and will never instruct you to keep the discussion secret.”

The agency urged anyone who suspects they have a fraudster on the other end of the line to:

  • Not pay the caller
  • Take note of the incoming phone number
  • Hang up immediately
  • Report the incident by calling CISA at (844) SAY-CISA (844-729-2472) or contacting law enforcement

The FBI dealt with the fallout of over 14,000 government impersonation scams last year, leading to losses of over $394m. That makes it the seventh highest-grossing cybercrime type of the year.

More generally, government impersonation can be tied to the larger cybercrime category of phishing, in which a fraudster impersonates a person of authority or a representative of a legitimate company in order to trick the victim into handing over sensitive information or money.

The Federal Trade Commission (FTC) claimed in April that impersonation fraud losses increased three-fold between 2020 and 2023 to exceed $1.1bn last year.

While the share of email and text-based scams rose sharply, those carried out via the phone dropped from 67% of the total in 2020 to 32% in 2023, it claimed. However, that still makes phone-based impersonation fraud the most common variety, ahead of email (26%) and text (14%).

The FTC said fraudsters are increasingly blending business and government impersonation, so that “a fake Amazon employee might transfer you to a fake bank or even a fake FBI or FTC employee for fake help.”

Vishing (voice phishing) of this sort is also a major enterprise threat. A new study from Keepnet revealed that nearly one in 10 people who pick up the phone to fraudsters fall for the scam.

Those working in the manufacturing and engineering sector (19%) and entertainment and media (18%) were most likely to be scammed. It also revealed that 12% of customer support targets were successfully vished, as well as 7% of IT workers.
