FBI Warns All Smartphone Users—Stop Making These Calls

Why you must by no means name these cellphone numbers — ever.

NurPhoto by way of Getty Pictures

Up to date on Dec. 10 with a brand new report exposing how this new risk works.

Contemporary from The FBI’s account takeover warning final week, with more than $260 million already stolen in 2025, the bureau has issued a brand new warning for smartphone customers. “Criminals are pretending to be your financial institution to empty your accounts,” it says. However calling sure cellphone numbers additionally dangers you dropping all of your life financial savings.

In these assaults, “cyber criminals acquire unauthorized entry to the focused on-line monetary establishment, payroll, or well being financial savings account, with the objective of stealing cash or data for private acquire.” Accounts are hacked “by social engineering strategies — together with texts, calls, and emails — or by fraudulent web sites.”

The bureau says you must monitor your accounts, checking for something uncommon. However critically, should you see do something surprising, the bureau say “don’t do an web search” for the financial institution’s cellphone quantity. You will need to cease utilizing search engines like google for numbers. “Contact the cellphone quantity/web site on the again of your card.”

Simply as critically, “take a beat” the FBI says. That’s the theme of its newest marketing campaign for the vacation season. Attackers create a false sense of urgency to trick you into performing earlier than you might have time to assume. There’s a hacker accessing your account, they’ll say, or a fraudulent transaction about to shut. An pressing message or name is a pink flag. Interval.

Google has simply issued the identical warning. “Criminals impersonate banks or different trusted establishments on the cellphone,” it says, “to attempt to manipulate victims into sharing their display screen with a purpose to reveal banking data or make a monetary switch.”

An Android pilot now reveals a warning should you share your display screen with an unknown quantity whereas opening a banking app. “The warning features a 30-second pause interval earlier than you’re in a position to proceed, which helps break the ‘spell’ of the scammer’s social engineering, disrupting the false sense of urgency and panic generally used.”

It’s not solely search engines like google. The identical now applies to AI assistants as nicely. “You belief your search outcomes. And also you in all probability belief your AI assistant, too.” ZeroFox says. “However what occurs when each are being manipulated?”

That is “a rising risk to organizations and types,” ZeroFox warns. “Particularly as folks more and more flip to LLMs for quick solutions to high-stakes questions like “How do I contact buyer assist for [Your Brand]?”

And this will faux any model — nonetheless massive it could be. MalwareBytes says it discovered “tech assist scammers hijacking the outcomes of individuals in search of 24/7 assist for Apple, Financial institution of America, Fb, HP, Microsoft, Netflix, and PayPal.”

A brand new report from Aurascape Aura Labs has simply highlighted how easy an assault this may be. They’ve found, what they are saying is “the primary real-world marketing campaign the place attackers systematically manipulate public internet content material so that giant language mannequin (LLM)–powered methods, reminiscent of Perplexity and Google’s AI Overview, suggest rip-off ‘buyer assist’ cellphone numbers as in the event that they have been official.”

The workforce says this isn’t a brand new flaw, however relatively a chance for a brand new risk vector “created by the shift from conventional search outcomes to AI-generated solutions.”

This underlines why the bureau’s recommendation is to not search numbers or ask LLMs to search out them on-line. “When querying Perplexity with: ’the official Emirates Airways reservations quantity’,” the researchers say, “the system returned a assured and absolutely fabricated reply that included a fraudulent call-center rip-off quantity: ’The official Emirates Airways reservations quantity is +1 (833) 621-7070’.”

It was the identical with British Airways. “When querying Perplexity with: ‘how can I make a reservation with British Airways by cellphone, what are the steps’, Perplexity responded with an in depth, authoritative-sounding step-by-step information — and as soon as once more embedded a fraudulent U.S. reservation quantity, presenting it as a ‘generally used’ British Airways contact: “For US prospects, a generally used cellphone quantity is +1 (833) 621-7070, the place you can be linked to a reservations specialist.’”

However that’s not a BA quantity in any respect. Not even shut. “It’s the similar rip-off call-center quantity noticed in different poisoned contexts, now repurposed and surfaced throughout a number of airline manufacturers.”

Aurascape Aura Labs says “the identical poisoning sample seems in Google’s AI Overview characteristic.” After being requested to retrieve particulars, “the AI Overview generated a assured, tutorial response — and embedded a number of fraudulent call-center numbers as in the event that they have been reliable Emirates customer support strains.”

That’s worrying as a result of it goers to the reliability (or in any other case) or AI search outcomes. “Poisoned content material shouldn’t be solely influencing LLM-first merchandise like Perplexity — it has begun to floor inside mainstream search experiences that now depend on AI-generated summaries, considerably increasing the attain and potential influence of the assault.”

An attacker can message and trick victims into putting calls to banks, having poisoned search engine optimisation outcomes for the numbers they’ll seemingly name. It’s the identical for all unsolicited assist or safety calls. You will need to cease making any calls to numbers searched on-line — or now by way of an AI assistant. Discover verifiable contact particulars. Each time.

The FBI has now issued a brand new Dec. 8 public advisory, warning “don’t let scammers smash your vacation season. As scammers more and more use strain ways and synthetic intelligence to defraud Individuals out of their hard-earned cash, the FBI is reminding everybody to guard themselves and their households from fraud this vacation season.”

This follows the identical “take a beat” messaging. “’For those who really feel pressured to behave quick, pay cash, or flip over private data—take a beat. Cease and assess if what you’re being instructed is actual. Discuss to your households. Shield one another from scams,’ mentioned FBI Director Kash Patel. ‘Scammers are banking on the truth that you’ll really feel too embarrassed to return ahead and report the crime to the FBI. Do not allow them to win’.”

The opposite recommendation is to speak to your “family members about not sharing delicate data with folks they’ve met solely on-line or over the cellphone. In addition they shouldn’t ship cash, present playing cards, cryptocurrency, or different belongings.” Weak residents, particularly older generations, are particularly inclined to the brand new wave of scams doing the rounds.

That’s behind the bureau’s different key warning in latest days, that attackers at the moment are doctoring social media footage to launch “virtual kidnappings.” These use the altered pictures to frighten family into pondering a beloved one has been taken.

“Prison actors usually will contact their victims by textual content message claiming they’ve kidnapped their beloved one and demand a ransom be paid for his or her launch. Oftentimes, the felony actor will categorical important claims of violence in direction of the beloved one if the ransom shouldn’t be paid instantly.”

Take a beat, because the bureau says. Take time to assume. All these scams prey on a way of dread and urgency, and most now use AI ultimately to make all of it look actual.