The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that scammers are impersonating its employees in an attempt to commit fraud.
In an alert posted on the CISA website, the organisation warned that so-called impersonation scams are on the rise.
An impersonation scam is any type of fraud where a criminal pretends to be a trusted individual or organisation to dupe a victim into handing over personal information or money or taking an unwise action.
Impersonation scammers will often put some effort into making their fraudulent communications look more convincing, such as spoofing phone numbers and email addresses, or even creating profiles on social media to appear as if they are from a government department, the police, or a bank.
Social engineering techniques are typically deployed by the scammer to push the intended victim into taking urgent action, such as telling them that their bank account has been compromised, that their network may be at risk if they don’t take immediate steps, that overdue taxes must be paid, or that a loved one is in danger.
And then, inevitably, the scammer will ask the victim to hand over sensitive personal information such as passwords or social security numbers, transfer money or cryptocurrency, or purchase gift cards to pay a supposed fee or fine.
CISA’s warning advises that its staff will “never contact you with a request to wire money, cash, cryptocurrency, or use gift cards and will never instruct you to keep the discussion secret.”
So, citizens are advised to treat such communications with extreme caution – even if they use the names and titles of government employees.
490,000 impersonation scams were reported last year by Americans to the FTC, with losses topping US $1.1 billion, meaning that the problem has tripled since 2020.
The FTC’s report found that the number of reports of imposter scams starting with a phone call had “plummeted” while reports of scams starting with a text or email had increased.
Nonetheless, it is clear that some scammers are prepared to invest the time to make contact with their intended victims via phone, posing as CISA employees, if they believe it will prove more convincing to the victim.
CISA has the following simple advice for anyone who believes they are being targeted by a scammer impersonating a CISA employee:
Do not pay the caller.
Take note of the phone number calling you.
Hang up immediately.
Validate the contact by calling CISA at (844) SAY-CISA (844-729-2472) or report it to law enforcement.
That seems like excellent advice to me. Always verify the identity of the person contacting you before sharing any personal information or sending money. Contact organisations directly using a trusted phone number or website – just make sure not to use the phone number or URL given to you by the potential scammer!
For further advice on how to spot imposter scams, be sure to check out this resource from the FTC.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.