Summary:
CISA has issued a warning about a new phone-based impersonation scam. In this scheme, scammers are pretending to be CISA employees, using the names and titles of real government staff to lend credibility to their deceit. These fraudsters typically request victims to wire money, provide cash, cryptocurrency, or gift cards, and often instruct them to keep their communication confidential. The agency's alert emphasizes that such requests are never made by CISA staff, and any such contact should be regarded as a scam.

Security Officer Comments:
Last year, the FBI reported over 14,000 government impersonation scams, resulting in $394 million in losses, making it the seventh highest-grossing cybercrime. The Federal Trade Commission (FTC) noted that impersonation fraud losses tripled from 2020 to 2023, exceeding $1.1 billion in 2023. While phone-based scams decreased from 67% to 32% during this period, they remain the most common type, surpassing email and text scams. Fraudsters are increasingly blending business and government impersonation. Vishing (voice phishing) is a significant threat, with nearly 10% of those contacted falling for scams. The manufacturing, engineering, entertainment, and media sectors are the most targeted, along with customer support and IT workers.

Suggested Corrections:
The agency urged anyone who suspects they have a fraudster on the other end of the line to:

• Not pay the caller
• Take note of the incoming phone number
• Hang up immediately
• Report the incident by calling CISA at (844) SAY-CISA (844-729-2472) or contact law enforcement

Link(s):
https://www.infosecurity-magazine.com/news/cisa-phone-scammers-impersonating/