Cybercriminals frequently use smishing, vishing, and spear phishing to lure victims onto secondary messaging platforms. Once there, they may deploy malware or share malicious links that lead to fake websites designed to steal login credentials such as usernames and passwords.

  • Smishing: Attackers use software to generate anonymous phone numbers, posing as trusted contacts like family or colleagues to deceive targets via text.
  • Vishing: Increasingly, attackers use AI-generated audio to impersonate public figures or personal acquaintances, making their scams more convincing.

How to Identify Suspicious Messages

Use the following tips to recognize and avoid fraudulent communications:

  • Verify identities: Always confirm the identity of callers or message senders. Research the number or organization, and use a trusted method to contact the person directly.
  • Check for subtle inconsistencies: Look closely at email addresses, phone numbers, URLs, and spelling. Scammers often make small changes to appear legitimate.
  • Watch for visual and audio anomalies: AI-generated content may include distorted images, unnatural facial features, or odd voice patterns. Be alert to lag, mismatched voices, or strange movements.
  • Listen carefully: AI voice cloning can sound realistic. Pay attention to tone and word choice to detect inconsistencies.
  • When in doubt: If something feels off, consult your security team or contact the FBI.

Protecting Yourself from Fraud and Data Theft

  • Don’t share sensitive information: Never disclose personal or contact details to someone you’ve only interacted with online or by phone. Always verify new contact information through a known channel.
  • Avoid sending money or assets: Be cautious with requests for money, gift cards, or cryptocurrency. Confirm the request independently and assess its legitimacy.
  • Don’t click unknown links: Always verify the sender before clicking on links in emails or texts.
  • Be cautious with downloads: Only download attachments or apps from verified sources.
  • Enable two-factor authentication (2FA): Use 2FA wherever possible and never share your authentication codes with anyone.
  • Use a family code word: Establish a secret phrase with family members to confirm identities in emergencies.

Reporting and Additional Resources

If you suspect you’ve been targeted or victimized:

  • Contact your organization’s security team, US Service Center, and the FBI.
  • Report incidents to your local FBI Field Office or the Internet Crime Complaint Center (IC3) at www.ic3.gov.