EXECUTIVE SUMMARY:
Earlier today, the Cybersecurity and Infrastructure Security Agency (CISA) reported that cyber criminals are impersonating its employees. In CISA’s own words, the agency is aware of “recent impersonation scammers claiming to represent the agency.”
What happened
Scammers placed phone calls to unsuspecting professionals, claiming to represent CISA and to be relaying an urgent message pertaining to a security vulnerability. The scammers ultimately intended for victims to transfer financial resources to external accounts.
This cyber sliminess reflects a broader trend. Cyber criminals are now trying to cover for their scams by weaponizing government employees’ names and titles.
CISA’s response
For its part, CISA notes that staff will never contact anyone in order to request money – whether that’s wired, cash, cryptocurrency or use of gift cards. It will also never instruct people to keep phone-based discussions secret.
Impersonation scams
In 2023, Americans reported more than $1.4 billion in financial losses due to impersonation scams, according to the Federal Trade Commission. That’s a 3X increase over the reported estimate from 2020.
Some scammers are now impersonating more than one organization in a single scam. In theory, a scammer might impersonate CISA, and then offer to transfer you to a fake FBI or Federal Trade Commission employee, for fake assistance.
Best practices
Even the pros can fall victim to scams, especially those that involve impersonation of CISA contacts. In the event that you find yourself on the receiving end of a CISA scam call, write down the phone number though which the call came in and follow standard procedure – immediately hang up.
Afterwards, call CISA to have the agency validate the phone number (844-729-2472) or report the scam attempt to law enforcement.
Protect your organization
- To safeguard your organization from cyber scams, provide employees with training around phishing attempts, which can occur via phone, text or email.
- Also, since scammers are commonly after valuable assets or the money itself, establish clear protocols for verifying any requests for sensitive information or financial transfers.
- Beyond that, ensure that your organization leverages the latest email security solutions and advanced threat prevention technologies. Learn more here.
Scam insights
For more insights into the latest cyber scams, see CyberTalk.org’s past coverage:
- Discover how hackers tried to scam this Check Point cyber security professional – click here
- Get details about the latest 401(k) scams – click here
- Read about how hundreds of people were rescued from cyber scam factories – click here
Lastly, to receive cyber security thought leadership articles, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.