Fraud Management & Cybercrime , Social Engineering
Fraudsters Impersonate CISA in Money Scams
CISA Won't Ask You to Wire Money or Keep Discussions SecretIf you've received an urgent phone call from the U.S. Cybersecurity and Infrastructure Security Agency about a security vulnerability, you should know: The call wasn't really from CISA.
See Also: 5 Real-Life Examples of Cyberattacks and How to Stop Them
The U.S. cyber defense agency on Wednesday published an alert warning Americans against sending money, cryptocurrency or gift cards to any caller that claims to be a CISA employee. The agency said it became aware of "recent impersonation scammers claiming to represent the agency."
"Impersonation scams are on the rise and often use the names and titles of government employees," the alert says, adding that "CISA staff will never contact you with a request to wire money" and "will never instruct you to keep the discussion secret."
Americans reported more than $1.1 billion in financial losses due to impersonation scams in 2023, according to the Federal Trade Commission. That's more than triple the reported estimate in 2020. The commission received nearly 160,000 reports of government impersonation scams and over 330,000 reports of business impersonation scams.
The FTC said impersonation scammers are finding new ways to reach Americans and cited a 26% increase in email scams and a 14% jump in text scams from 2020 to 2023. Many impersonation scammers have begun to impersonate more than one organization in a single scam, according to the commission.
"A fake Amazon employee might transfer you to a fake bank or even a fake FBI or FTC employee for fake help," the FTC warned in April.
CISA recommends that anyone who suspects they could be a target of an impersonation scammer claiming to be an employee of the agency take note of the phone number, hang up immediately without sending any payments and then validate the contact by calling the agency at 844-729-2472 - or report the contact to law enforcement.