According to Cointelegraph, hackers utilizing deepfake technology are targeting U.S. federal and state officials by impersonating senior government figures in a sophisticated phishing campaign aimed at stealing sensitive data. The FBI issued a warning on May 15, highlighting that these cybercriminals have been active since April, employing deepfake voice and text messages to deceive victims. The agency cautioned against assuming the authenticity of messages purportedly from senior U.S. officials, as compromised accounts could lead to further targeting of government personnel and their contacts using trusted information obtained through these scams.
The FBI detailed that the hackers are attempting to access victims' accounts by directing them to malicious links and hacker-controlled platforms designed to harvest sensitive data such as passwords. Additionally, contact information acquired through social engineering tactics could be exploited to impersonate individuals and solicit information or funds. In a separate incident, Sandeep Nailwal, co-founder of the blockchain platform Polygon, reported on May 13 that he was targeted in a deepfake scam. Nailwal expressed concern over the attack vector, noting that several individuals contacted him via Telegram, questioning whether he was on a Zoom call and requesting them to install a script.
Nailwal explained that the scammers hacked the Telegram account of Polygon's ventures lead, Shreyansh, and invited people to a Zoom call featuring deepfakes of Nailwal, Shreyansh, and another person. The audio was disabled, prompting the scammer to request the installation of an SDK, which Nailwal warned would compromise the victim's security. He also highlighted the lack of a mechanism to report such incidents to Telegram, suggesting the need for a social method to flag suspicious accounts. Responses to Nailwal's post included reports from other users who had been targeted, including Web3 OG Dovey Wan, who shared her experience of being deepfaked in a similar scam.
To mitigate the risk of falling victim to these scams, Nailwal advises against installing anything during online interactions initiated by others and recommends using a separate device for accessing crypto wallets. The FBI also emphasizes verifying the identity of anyone who contacts you, scrutinizing sender addresses for errors, and checking images and videos for unrealistic features. The agency further advises against sharing sensitive information with unknown individuals, clicking on links from unfamiliar sources, and advocates for the use of two-factor or multifactor authentication to enhance security.