Widespread Vishing Effort Impersonates CISA Staff

Published: 23/11/2024   Category: security




The cybersecurity agency issued a warning not to agree to any payment requests and to alert law enforcement or CISA after being contacted.



The US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert this week warning that malicious actors have been making phone calls claiming to be representatives from the organization, and making requests for cash, gift card, or cryptocurrency transfers.
Impersonation scams are on the rise and often use the names and titles of government employees, CISA explained in the brief advisory. As a reminder, CISA staff will never contact you with a request to wire money, cash, cryptocurrency, or use gift cards and will never instruct you to keep the discussion secret.
CISA did not offer additional details as to who might be perpetrating the voice phishing (vishing) fraud attempts, but advised anyone who is contacted in such a scheme to deny the request for payment, make note of the phone number, and hang up immediately.
Those contacted were also asked to report the incident to law enforcement and reach out to CISA by calling (844) SAY-CISA (844-729-2472).
The perpetrators might aim to fund further criminal activities or simply profit from the immediate financial returns of their deceitful tactics, says Ezra Graziano, director of federal accounts at Zimperium.
Such scams can be orchestrated by organized cybercriminal groups or individual actors seeking to exploit people's trust in government agencies, he said. This incident highlights the evolving tactics of cybercriminals, who are increasingly using sophisticated social engineering techniques to exploit trust in government agencies.
He added that the fact that scammers are impersonating CISA employees underscores the urgency for individuals and organizations to be vigilant.
It also reflects the broader trend of targeted phishing attacks where fraudsters aim to exploit the authority and credibility of well-known institutions, Graziano said.
Other government agencies impacted by impersonation scams include the FBI and its Internet Crime Complaint Center, which has been targeted as far back as 2018.
Beyond impersonation of government officials and agencies, malicious actors are also targeting brands by setting up scam sites aping those of legitimate businesses to sell counterfeit goods or process payments without sending the product.
These types of scams have cost consumers more than $2 billion since 2017, according to the US Federal Trade Commission (FTC).
Sean McNee, head of research for DomainTools, said the most important thing employers can do is educate employees about various types of scams, how they work, and how to recognize them.
This includes understanding tactics used by scammers, such as impersonation, social engineering, and phishing, he says.
For instance, employees should be suspicious of unsolicited calls or emails, verify the identity of unknown or new callers, and be wary of unusual requests for sensitive information.
He explains that phone-based scams work by creating a false sense of urgency to manipulate the receiver to take actions they normally wouldn’t take.
Understanding this … helps reduce its effectiveness, McNee says.
Patrick Harr, CEO of SlashNext Email Security+, points out that impersonation scams have long been a tool of scammers whereby they impersonate high-value individuals, such as executives, CEOs, or other high-value targets and sometimes what can be perceived as scary agencies, such as the IRS. He predicts that scams like these will only increase with the weaponization of AI-generated voice, video, and text.
Thus, from Harr's perspective, any good cyber defense is a multi-layered defense against scams, phishing, business email compromise, and other socially engineered attacks.
Firstly, ensure businesses have multifactor authentication (MFA), password change control, AI-based email and messaging security, and detection and monitoring in place, he cautions. Companies, organizations, and individuals must employ AI themselves to fight these scams, otherwise we will see continued success.
