These Attacks Are ‘Easy’—Do Not Ignore FBI Smartphone Warning
FBI’s AI warning is increasingly critical.
The news that AI is being used to impersonate Secretary of State Marco Rubio and place calls to foreign ministers may be shocking, but it shouldn’t be surprising. The FBI has warned such attacks are now taking place, and it will only get worse.
As first reported by the Washington Post, the State Department has warned U.S. diplomats that this latest attack has been caught in the act, with at least three foreign ministers, a U.S. senator and a governor amongst those contacted.
A fake Signal account (Signal strikes again) was used to instigate contact though text and voice messages. It’s clear that voice messages enable AI fakes to be deployed without the inherent risk in attempting to run this in real-time on a live call.
Darktrace’s AI and Strategy director Margaret Cunningham told me this is all too “easy.” The attacks, while “ultimately unsuccessful,” demonstrate “just how easily generative AI can be used to launch credible, targeted social engineering attacks.”
Alarmingly, Cunningham warns, “this threat didn’t fail because it was poorly crafted — it failed because it missed the right moment of human vulnerability.” People make decisions “while multitasking, under pressure, and guided by what feels familiar. In those moments, a trusted voice or official-looking message can easily bypass caution.”
And while the Rubio scam will generate plenty of headlines, the AI fakes warning has being doing the rounds for many months. It won’t make those same headlines, but you’re more likely to be targeted in your professional life through social engineering that exploits readily available social media connections and content to trick you.
The FBI warning is simple and increasingly important: “Verify the identity of the person calling or sending text or voice messages. Before responding, research the originating number, organization, and/or person purporting to contact you. Then independently identify a phone number for the person and call to verify their authenticity.”
This is in addition to the broader advice given the plague of text message attacks now targeting American citizens. Check the details of any message. Delete any that are clear misrepresentations, such as fake tolls or DMV motoring offenses. Do not click any links contained in text messages — ever. And do not be afraid to hang up on the tech or customer support desk or bank or the law enforcement officer contacting you. You can then reach out to the relevant organization using publicly available contact details.
“This impersonation is alarming and highlights just how sophisticated generative AI tools have become,” says Black Duck’s Thomas Richards. “It underscores the risk of generative AI tools being used to manipulate and to conduct fraud. The old software world is gone, giving way to a new set of truths defined by AI.”
As for the Rubio impersonations, “the State Department is aware of this incident and is currently monitoring and addressing the matter,” a spokesperson told reporters, with the clear implication being limited sophistication this time around. “The department takes seriously its responsibility to safeguard its information and continuously take steps to improve the department’s cybersecurity posture to prevent future incidents.”
“AI-generated content has advanced to the point that it is often difficult to identify,” the bureau warns. “When in doubt about the authenticity of someone wishing to communicate with you, contact your relevant security officials or the FBI for help.”