Deepfake audio has moved from a technical curiosity into a practical tool for fraud. The FBI is warning that malicious actors are using AI-generated voice messages to pose as senior US officials and pressure recipients into trusting messages that can lead to compromised accounts or infected computers.
The warning matters because the tactic attacks a basic habit: people tend to trust familiar voices, especially when the message appears to come from a powerful or known contact. In this campaign, voice is not used alone. It is paired with text messages, links, and attempts to shift the conversation onto another platform.
What the FBI says is happening
According to an advisory from the FBI Internet Crime Complaint Center, the campaign has been active since April 2025 and has involved impersonation of senior US officials. The targets include individuals who are current or former senior US federal or state government officials, as well as their contacts.
“If you receive a message claiming to be from a senior US official, do not assume it is authentic.”
The advisory describes a malicious messaging campaign that uses AI-generated voice audio to make an impersonation more convincing. Attackers also send text messages in an effort to establish rapport before attempting to gain access to personal accounts.
The central risk is not only that a fake voice may sound real. It is that the voice can make the next step feel routine. A recipient may be asked to continue the conversation on a separate messaging platform, then be sent a link that supposedly enables that move. If the target clicks, the link can expose the device or account to compromise.
The FBI did not provide additional details about the specific campaign. But the structure described in the warning is familiar in modern social engineering: first create trust, then create a reason to act, then move the target toward a link or platform controlled by the attacker.
Why deepfake audio makes the scam harder to spot
Deepfakes use AI to imitate a person’s voice and speaking characteristics. The source article notes that the differences between a real speaker and a simulated one are often indistinguishable without trained analysis. Deepfake video can operate in a similar way, using AI to imitate visual identity as well as sound.
That matters because older fraud warnings often relied on obvious signals: strange wording, crude recordings, mismatched contact details, or messages that felt visibly fake. AI-generated voice can reduce some of those signals. A message can appear to carry the authority of a recognizable person even when the content is fraudulent.
The FBI’s warning also arrives as reports have increased of deepfaked audio, and sometimes video, being used in fraud and espionage campaigns. The source article gives two examples from last year that show how broad the problem has become.
- Password manager LastPass warned that it had been targeted in a sophisticated phishing campaign using email, text messages, and voice calls. One part of that campaign involved a deepfake audio call impersonating company CEO Karim Toubba.
- A robocall campaign encouraged New Hampshire Democrats to sit out the coming election using a deepfake of then-President Joe Biden’s voice. A Democratic consultant was later indicted in connection with the calls, and the telco that transmitted the spoofed robocalls agreed to pay a $1 million civil penalty for not authenticating the caller as required by FCC rules.
These examples are different in their goals and setting, but they point to the same larger issue. Voice can now be part of the deception layer, not proof that the message is legitimate.
How to verify a suspicious message
The FBI advisory recommends slowing down and verifying identity before responding. That advice is especially important when a message claims to come from a senior official, a known contact, or an organization with authority.
One basic step is to research the originating number, organization, or person who appears to be contacting you. Then, instead of replying directly, independently identify a phone number for the person and call that number to confirm whether the message is real.
The advisory also recommends closely checking the details around the message. That includes the email address, messaging contact information, phone numbers, URLs, and spelling used in the communication. Scammers may rely on small changes in names or contact information, and they can use publicly available photographs in text messages to make the approach feel legitimate.
For images and video, the FBI suggests looking for subtle imperfections. These can include distorted hands or feet, unrealistic facial features, indistinct or irregular faces, unrealistic accessories such as glasses or jewelry, inaccurate shadows, watermarks, voice call lag time, voice matching, and unnatural movements.
For voice, the advisory says to listen carefully to tone and word choice. The challenge is that AI-generated voice cloning can sound nearly identical to a known contact. That means audio alone should not be treated as enough proof.
The hard part is pressure
The guidance is useful, but the source article notes a practical problem: attackers often create urgency. A sender may claim there is an emergency that requires an immediate response, making the recipient feel that verification is risky or rude.
That pressure is part of the scam. If a message asks for a fast decision, a platform switch, a link click, or access to an account, the safer response is to pause and confirm the identity through a separate channel. The more important the sender appears to be, the more important verification becomes.
There is also no simple technical test that can reliably solve the problem for every person in every situation. The article notes that it is not always clear how people can reliably confirm that phone numbers, email addresses, or URLs are authentic. That uncertainty is exactly why independent verification matters.
When authenticity is unclear, the FBI says people should contact relevant security officials or the FBI for help. The broader lesson is direct: deepfake audio scams work because they exploit trust, speed, and authority. The strongest defense begins with accepting that anyone can be fooled and building a habit of checking before acting.