FedFakes: Scammers pose as federal agencies adding complexity to defense strategies

Despite how many filters you may have, spam calls are an increasingly common experience that resonates with everyone. While annoying and inconvenient, they can often come with associated risks like impersonation attempts, where scammers pose as legitimate businesses, government agencies, or even friends and family. Such scams often involve fraudulent communication through phone calls, emails or even social media messages, where the scammer poses as a trusted entity to manipulate victims into voluntarily taking actions that benefit the scammer’s agenda.   

While impersonation scams are not new, how they are delivered is changing. This trend has been further accelerated and made more successful due to advancements in generative AI technology. With easily accessible AI tools like voice cloning, scammers can replicate someone’s voice with as little as a three-second clip. The gravity of this situation is exemplified by recent events, such as the Biden robocall that highlighted how scammers can even exploit trusted public figures for their deceptive tactics. As these scams become ever more convincing and difficult to distinguish from genuine communication, they present an increasingly significant challenge to security professionals and the general public.  

Rising threat: Targeting federal government agencies 

Last year was a record-breaking year for impersonation scams, particularly those involving scammers posing as federal government agencies to deceive individuals into disclosing money or sensitive information. In fact, approximately $1.3 billion was lost by Americans to scammers impersonating government officials. The financial losses suffered by U.S. individuals due to government impersonation scams have surged by over sevenfold since 2019, indicating a significant increase in fraudulent activity targeting federal government agencies.   

These types of impersonation scams can involve scammers calling and falsely claiming that an individual will lose their Medicare benefits unless they pay a new fee, posing as an IRS agent insisting that the recipient owes back taxes or fines, or even pretending to be law enforcement or border patrol agents seeking to use the threat of criminal prosecution as a means of intimidating victims into paying fraudulent penalties. The hallmark of these tactics is using  fear of real-life scenarios and creating a sense of urgency to pressure victims into taking immediate action without considering the validity of the caller or situation 

 The problem: Deteriorating trust in government 

These scams are particularly concerning because consumers tend to place higher trust in federal agencies, viewing them as reliable and authoritative entities. Because victims are more likely to disclose sensitive information due to their trust in federal agencies or officials, criminals know these scams are more likely to be successful; a top criterion for any criminal. Addressing these scams is imperative for protecting individuals from financial harm and maintaining public confidence. 

 Additionally, when fraudulent activities erode public trust in government institutions it undermines the foundation of democratic governance. Therefore, combating impersonation scams is crucial for safeguarding the integrity of governmental processes and ensuring that citizens continue to have faith in the institutions designed to serve and protect them. 

 The solution: Arm federal agencies with tools and tactics 

In addition to the Federal Trade Commission’s new rule to combat government and business impersonation scammers, federal agencies must remain vigilant against the ever-evolving external cyber threat landscape. This is especially crucial as cybercriminals continuously adapt their tactics to bypass traditional defensive security measures.  

As threat actors become more adept at evading detection, the need for proactive cybersecurity measures becomes increasingly crucial. This requires a subtle shift in how federal government agencies increasingly defend against these threats proactively while respecting the civil rights of all Americans. In addition to addressing red and blue spaces, this shift involves an effective cybersecurity program that addresses the “gray space” within the attack surface, which includes internet infrastructure, applications, platforms and forums managed by third parties.  

Fortunately, there are many tools available to monitor that gray space. Threat intelligence solutions — such as fake account detection and takedown measures — are key tools that prevent cybercriminals from using fraudulent accounts to impersonate government entities. The lines between real and fake are increasingly blurred as AI tools make it increasingly easier to develop realistic-yet-inauthentic content that challenges individuals and organizations to know what’s real. This increases everyone’s vulnerability to scams, including phishing attacks, ransomware attacks, and Business Email Compromises (BEC). By actively monitoring and removing fake accounts on social media and other web platforms, agencies can proactively — and automatically — disrupt impersonation scammers’ operations within minutes.  

However, being armed with the right security tools to prevent potential attacks is not enough to rest assured. Federal government agencies must maintain ongoing security measures. This can be achieved through the oversight of security operations center functions of monitoring, detection, analysis and responding to security threats. Essential security tools include endpoint detection and response, security information and event management, and security orchestration, automation and response.   

Finally, the linchpin in developing a more unified, proactive security approach lies in the adoption of resilient incident response solutions. These solutions capitalize on existing intelligence to minimize the mean time to detect and mean time to remediate security incidents, improving overall defense capabilities, while providing artifacts back to Intelligence teams for iterative improvements. Additionally, breach notifications play a crucial role in upholding compliance with laws and regulations, while also fostering transparency, which is essential for gaining and maintaining public trust.  

 Augmenting technology with a shift in mindsets and teams 

Federal government agencies must reassess their team structures. For instance, while a security team focused on internal security employs advanced technical measures to safeguard logical assets like databases and networks from compromise, they may need more expertise to protect the agency’s reputation from being used to defraud the American public. To effectively establish an external cybersecurity program, cross-organizational collaboration is essential. This includes experts in technical and physical threat vectors and people well-versed in the dynamics of social media and business platforms, including their potential for misuse. Through increased collaboration that looks at security holistically, government agencies can enhance their resilience against cyber threats while safeguarding the trust and confidence of the public they serve.   

Furthermore, in addition to safeguarding with threat intelligence tools and reassessing team structures, it’s crucial to implement a cybersecurity training and awareness program with a strong focus on phishing and impersonation attacks. By educating employees on recognizing phishing and impersonation tactics, agencies can prevent them from falling victim to these attacks. This training should cover common phishing techniques, such as impersonation emails and fake websites, along with guidance on verifying the legitimacy of communications and URLs. Most importantly, this should not be another annual “check the box” training program. The most effective security training is integrated into daily life as part of a culture of security, with emphasis placed on rewarding people who successfully demonstrate security awareness instead of only focusing on punishing those who struggle to comply.  

Ensuring the integrity of government communications is of utmost importance, as every breach of trust erodes public confidence in the government. External cybersecurity represents a new frontier that demands a fresh mindset, approach and set of tools. Traditional cybersecurity strategies have primarily only focused on defending against threats within the organization’s network perimeter. However, the increasing sophistication of threat actors and the persistent growth of attacks originating from outside the perimeter (like impersonation scams) underscore the necessity for federal government agencies to adopt a more unified, proactive security approach.   

AJ Nash, is vice president and distinguished fellow of Intelligence at ZeroFox. 

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.