CISA has issued a warning about a rise in phone-based impersonation fraud campaigns [2], where scammers are posing as government employees to deceive victims into giving up personal information or money.


These fraudsters use social engineering techniques to create urgency and pressure victims into taking action [2], such as claiming bank accounts are compromised or loved ones are in danger [2]. CISA advises individuals not to pay the caller, take note of the incoming phone number [3] [4], hang up immediately [3] [4], and report the incident to CISA or law enforcement [3] [4]. Last year, Americans reported 490,000 impersonation scams to the FTC [2], resulting in over $1.1 billion in losses [2]. Impersonation fraud losses have seen a significant increase [4], with phone-based scams being the most common type [4]. Sectors such as manufacturing, engineering [2] [4], entertainment [4], media [4], customer support [4], and IT are among the most targeted by these scams. Vishing (voice phishing) has become a major enterprise threat as fraudsters now combine business and government impersonation tactics. The FTC has seen a decrease in phone call scams but an increase in text and email scams [2], indicating scammers are adapting their tactics [2].


Impersonation scams have led to significant financial losses for victims [1], with scammers using the names of government agencies to lend credibility to their schemes [1]. Organizations are urged to remain vigilant and educate employees about fraudsters’ tactics to mitigate risks [3]. The real CISA will never ask for money over the phone and will not pressure you to keep the call a secret [1]. The FBI’s Internet Crime Report also revealed a record increase in reported losses to online crime [1], emphasizing the importance of public vigilance against phishing emails and malicious scripts [1].