New CISA phone scam, fraudsters pretend to be agency employees

The US Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory Wednesday warning Americans to beware of phone scammers posing as CISA employees.

CISA said they recently became aware that call fraudsters had been falsely claiming to represent the agency when on the phone with their victims.

The agency also wanted to remind people that impersonation scams were on the rise across the US. And as with the latest CISA phone scam, the names and titles of government employees are often used to trick those who pick up the call.

The advisory is to remind people that CISA staff will “never contact you” with a request for money, including all forms of money such as wire, cash, cryptocurrency, or gift card, CISA said.

Last, the agency noted it would never have CISA employees “instruct you to keep the discussion secret.”

CISA phone scam advisory

The advisory did not mention what the scam entailed, but in 2019, CISA released an advisory that November warning of scammers impersonating CISA employee.

The fake employees would “claim to have knowledge of the potential victim’s questionable behavior and attempts to extort money,” CISA said at the time.

The agency lists several things a person can do if they think they have been targeted or being threatened by an impersonation scammer claiming to be a CISA representative:

  • Do not pay the caller.
  • Do not respond or try to contact the caller.
  • Take note of the phone number calling you.
  • Hang up immediately

Phone tech scams - an oldie but goodie

Another well-known and possibly related phone fraud scam, the ‘Tech Support’ scam, has been successfully floating around for years, or at least since the mid-2000s.

A 2023 FBI Internet Crime Report released this spring found that last year, the US government fielded over 50,000 complaints of phone tech/government scams, up from previous years.

The FBI said victims were bilked out of $1.3 billion in 2023, another year-over-year increase since first recorded in 2019, at a barely over $175 million in losses.

Tech scams were also listed by the FBI in 2023 as the type of scam most capitalized on to target the elderly.

According to a tech scam profile by Miller Law Firm in Texas, it often begins with an email or phone call from someone who claims to be from a big tech company (Microsoft).

The fraudster convinces the victim their computer is malfunctioning and needs to be fixed – all to steal sensitive data, such as personal and credit card information, or install malware on the computer the law firm said.

Scam phone caller 750
Image by Rokas Tenys | Shutterstock

For the most recent scam, one could assume the CISA impersonators may try and convince a victim their personal information had been stolen in a recent breach or the victim had violated some sort of security protocol in their home network setup and was in trouble.

Scammers often use psychology during the interaction to play on the victim’s emotions, for example, to instill a sense of urgency or fear, forcing them to make a less informed split decision.

By impersonating an authority figure, the scammers play on the fact that more victims are likely to acquiesce to someone they believe is a US government official.

The CISA advisory provides a number to call (1-844-SAY-CISA) to validate a caller. Otherwise CISA said to report any instances to law enforcement.