Don't be a victim! FBI warns iOS, Android users about the latest scam
The FBI warns iOS and Android phone owners about Phishing, Smishing, and Vishing attacks.
The latest warning from the FBI for iOS and Android users comes in the form of a Public Service Announcement. The warning says that since last month, malicious actors have impersonated senior US officials to target individuals. Many of those targeted are current or former senior US federal or state government officials themselves. The FBI suggests that if you receive a message from someone claiming to be a senior US official, "do not assume that it is authentic."
FBI warning against smishing, vishing, and spear phishing
These attacks have come in the form of fake texts, a practice known as "smishing," and via fake AI-generated phone calls, which is a practice known as "vishing." These texts and calls claim to come from senior US officials and try to cozy up with the targets to gain a rapport with the attackers and their victims. Earning that trust goes a long way toward helping the attackers convince their victims that they need to be sent their personal data, including the credentials they use to sign into personal accounts including banking apps, securities apps, crypto wallets, and other higher sensitive accounts accessible via the target's mobile devices.
"Smishing" is the malicious targeting of individuals using Short Message Service (SMS) or Multimedia Message Service (MMS) text messaging. "Vishing", which may incorporate AI-generated voices, is the malicious targeting of individuals using voice memos. Both smishing and vishing use tactics similar to spear phishing, which uses email to target specific individuals or groups."
-FBI
Using smishing, vishing, and spear phishing (which is the use of malicious emails to trick the victim into revealing personal data), the threat actor introduces malware or includes hyperlinks with the malicious text that will send the victim to a site controlled by the threat actor that steals usernames and passwords. Smishing attacks generate phone numbers that are used by the attacker to call. The attacker will pretend to be a business associate or a relative to engage with the target and collect log-in credentials.
At the top of this story, we told you that the FBI is concerned with the latest smishing and vishing attacks, and victims are receiving texts and AI voice messages that claim to be from senior US officials. The FBI suggests that the first thing you should do if you receive one of these calls or texts is to verify the person and organization that allegedly sent you the text or phone call. The FBI suggests that before responding, research the originating number, organization, and/or person purporting to contact you. Then, independently identify a phone number for the person and call to verify their authenticity."
The FBI also says, "Carefully examine the email address; messaging contact information, including phone numbers; URLs; and spelling used in any correspondence or communications. Scammers often use slight differences to deceive you and gain your trust. For instance, actors can incorporate publicly available photographs in text messages, use minor alterations in names and contact information, or use AI-generated voices to masquerade as a known contact."
Take a long look at any images and or videos sent to you for "subtle imperfections." Hands or feet could be distorted in AI-generated images, and you might catch irregular facial features, unrealistic accessories such as glasses or jewelry, shadows that look fake, unnatural movements in videos including lags between mouth movement and the words being said. Try to distinguish between a real call and an AI-generated call.
If you can't judge the authenticity of a message from someone trying to reach out to you, you can call the FBI for help.
Do not share sensitive information with people you've only met online or on the phone
In addition, the FBI says that you should not share sensitive information or an associate's contact number with people you've only met online or on the phone. The same applies when it comes to sending cash, gift cards or cryptocurrency. Do not send these items to people you've only met online or on the phone. Do not click on any links found on texts or emails you have received.
Additionally, "Never open an email attachment, click on links in messages, or download applications at the request of or from someone you have not verified." Also, you should set up two-factor authentication on all apps that allow it. Never disable it, and never disclose the code to anyone.
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed: