The FBI has issued an urgent advisory about a new wave of AI-generated phishing attacks specifically targeting federal government employees with unprecedented sophistication.
The Threat
Attackers are using large language models to craft phishing emails that are virtually indistinguishable from legitimate government communications. The emails use correct formatting, appropriate jargon, and reference real ongoing projects obtained from public records.
New Techniques
- AI-generated voice calls impersonating supervisors (vishing)
- Deepfake video calls requesting credential verification
- Personalized emails referencing targets' published work and social media
- Clone sites replicating government login portals with valid SSL certificates
Protection Measures
CISA recommends enabling phishing-resistant MFA (FIDO2 hardware keys) on all government accounts. Verify any unusual requests through a separate communication channel. Never click links in emails — navigate to sites directly.
The advisory notes that traditional email security filters catch only 62% of AI-generated phishing attempts, compared to 95% for traditionally crafted phishing.
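Why a FIDO2 key defeats the clone portals listed above even when they present a valid certificate, shown as an added example (not code from the advisory or CISA): the real portal's server rejects any login assertion whose browser-recorded origin or RP ID hash does not match its own. The host names, challenge and sample inputs are constructed, and verification of the authenticator's signature over these bytes is assumed to be handled by a WebAuthn library.

```python
import base64
import hashlib
import json

# Assumed values for this example (constructed, reserved .example names).
ORIGIN = "https://login.agency.example"
RP_ID = "login.agency.example"

def b64url(data: bytes) -> str:
    """Base64url without padding, as WebAuthn encodes the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_binding(client_data_json: bytes, auth_data: bytes, challenge: bytes):
    """Return (ok, reason) for the origin and RP ID checks on a login assertion."""
    try:
        client = json.loads(client_data_json)
    except ValueError:
        return False, "malformed clientDataJSON"
    if not isinstance(client, dict) or client.get("type") != "webauthn.get":
        return False, "wrong type"
    if client.get("challenge") != b64url(challenge):
        return False, "challenge mismatch"
    # The browser, not the page, writes the origin it actually loaded.
    if client.get("origin") != ORIGIN:
        return False, "origin mismatch"
    # authenticatorData = rpIdHash (32) || flags (1) || signCount (4) || ...
    if len(auth_data) < 37:
        return False, "authenticator data too short"
    if auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    if not auth_data[32] & 0x01:  # bit 0 = user present
        return False, "user presence flag not set"
    return True, "ok"

def make_sample(origin: str, rp_id: str, challenge: bytes):
    """Constructed input: the two byte strings a login at `origin` would yield."""
    client = {"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x05" + (7).to_bytes(4, "big")
    return json.dumps(client).encode(), auth_data

if __name__ == "__main__":
    challenge = bytes(range(16))
    cases = {"real portal": (ORIGIN, RP_ID),
             "clone portal": ("https://login-agency.example", "login-agency.example")}
    for name, (origin, rp_id) in cases.items():
        print(name, check_binding(*make_sample(origin, rp_id, challenge), challenge))
```

A one-time code or push approval typed into the clone portal carries no such binding, which is why the recommendation specifies phishing-resistant MFA rather than MFA in general.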