FBI Warning AI Voice Phishing: How To Spot And Stop The Threat

The Federal Bureau of Investigation (FBI) has issued a warning about an AI powered phishing campaign involving cloned voices of high-ranking officials.

These malicious text and voice messages combine smishing (text phishing) and deepfake audio vishing (voice phishing) to trick victims into sharing sensitive information or money.

This impersonation scam is targeting senior U.S. officials and their contacts, raising national security alarms.

As artificial intelligence (AI) tools become cheaper and more accessible, cybercriminals are weaponizing them to make scams sound frighteningly real.

Phishing is a broad term for scams where attackers pose as trusted contacts to steal data or money. Smishing refers to phishing via SMS text messages, and vishing refers to voice phishing via phone calls or voicemails.

In an AI voice phishing attack, essentially a deepfake voice scam, criminals use deepfake voice technology to create audio that sounds like a real person.

For example, an attacker might send a text claiming to be a senior official (smishing), then follow up with a phone call using a cloned voice of that official (vishing) to make the con believable.

The scammer’s goal is to socially engineer the victim, through these social engineering voice calls, into clicking a malicious link or divulging sensitive information. This kind of voice cloning phishing is alarmingly effective because the fake voice closely mimics the tone and mannerisms of a trusted figure.

According to a recent FBI alert, attackers since April 2025 have been using texts and AI generated voice scam messages to pose as senior U.S. officials in a phishing campaign. These messages, which are a blend of smishing and voice phishing (vishing), are designed to establish rapport with the target before prompting them to hand over access to personal accounts or sensitive data.

Many targets are current or former high-ranking government officials, but the danger extends to anyone in their contact lists who might also be approached by the impostors.

Once an account is compromised, the scammers can exploit trusted contact information to impersonate others and scam additional victims, creating a ripple effect. Authorities note that this threat is growing as AI tools become more accessible; the use of voice cloning for fraud jumped by over 400% in 2025.

Falling victim to an AI voice phishing scam can have serious consequences.

On a personal level, you could be tricked into giving up passwords or personal data, leading to identity theft or financial loss. In an organizational setting, one compromised account can become a springboard for attackers to penetrate further into the network or to fool your colleagues using your identity.

Attackers generally exploit the trust we place in familiar voices. They have impersonated figures from White House officials to corporate CEOs to request sensitive information or urgent wire transfers. Research shows that most people struggle to tell a cloned voice from the real thing, and it only takes a few seconds of audio to produce a convincing fake.

To spot a potential AI voice phishing attempt, watch out for these red flags:

• Mismatched or odd caller details. The phone number or email doesn’t match the person’s real contact information, or the sender’s address has subtle misspellings or extra characters (a classic sign of spoofing).
• Unsolicited or strange contact. A random text or call claiming to be from a senior official, government agency, or company executive out of the blue.
• Urgency and pressure. The message or caller insists on urgency, urging you to switch to a different platform (like a personal phone or app) and pushing you to click a link, share a code, or transfer funds immediately.
• Unnatural voice qualities. If a caller’s tone or cadence sounds slightly off, robotic, or there are unnatural pauses/glitches in the audio, it could be an AI generated voice. Deepfake voices are very convincing but might lack natural flow.

If you receive a suspicious call or message that could be an AI voice phishing attempt, take these steps before you respond:

1. Verify the caller’s identity independently: Don’t trust the contact information provided in the message. Look up the person’s official number or email from a trusted source and contact them directly to check if the request is genuine.
2. Don’t click links or share codes under pressure: Never enter login credentials or click a link sent by an unverified caller or texter. Similarly, never divulge one-time passcodes or 2FA codes, no legitimate authority will ask for those over the phone.
3. Use two-factor authentication: Enable 2FA on your accounts to add an extra barrier. And never give someone your verification code, that’s a giveaway of a scam.
4. Alert and educate your circle: Warn your family, friends, and coworkers about these scams so they can recognize the signs. Cybersecurity awareness about vishing threats is an underestimated but useful defense. You might even set up a code word with loved ones to verify their identity in voice messages.
5. Report the scam: If you suspect an impersonation attempt, report it. Contact your local FBI Field Office or submit a complaint to the FBI’s Internet Crime Complaint Center (IC3). Reporting incidents helps authorities disrupt these campaigns.

This wave of AI powered phishing is likely just the beginning. Generative AI voice cloning technology is advancing quickly; it now takes only a few seconds of audio to convincingly clone a voice. As these tools become ubiquitous, impersonation scams will likely become more frequent, more convincing, and not just limited to high profile targets.

Organizations should think about updating their defenses. Employee education is key: staff should be trained to verify any unusual phone or voicemail request, even if it appears to come from a known executive or authority. Companies and agencies are also exploring technical safeguards, like real time deepfake detection systems, to flag fake audio in calls.

Having strict verification protocols (for example, requiring a callback or secondary confirmation for voice requests involving sensitive actions) is essential. The FBI warns that failing to implement such measures is like leaving your door unlocked in a high crime area. Healthy skepticism will be important as this threat evolves.

The FBI’s alert about AI voice phishing is a wakeup call that criminals can now weaponize trusted voices. To recap, remember these key points:

• Always verify unexpected communications via a second channel before trusting them.
• Be wary of unsolicited links, attachments, and urgent requests, whether by text or voice.
• Enable 2FA on accounts and never share verification codes or passwords over the phone.
• Keep yourself and your team educated about new schemes like AI voice cloning. Awareness is the first line of defense.

By following these guidelines, you can ensure an AI voice phishing scheme doesn’t catch you off guard.

Contact BlackFog to learn more about our exciting products.