An attempt to impersonate White House Chief of Staff Susie Wiles is currently being investigated by US federal agencies. The incident highlights the ongoing dangers posed by key individuals using their personal phones to store the phone numbers of important contacts, now that voice cloning enables cybercriminals to mimic anyone’s voice with ease.
Over the last few weeks, senators, governors, top US business executives, and other contacts of Wiles have been called by a person falsely claiming to be Wiles herself. In some cases, the people called say that the voice speaking with them actually sounded like her. But the threat actor made some basic errors in trying to impersonate the White House chief of staff and does not appear to have done his or her homework in scripting a convincing dialogue, on one occasion even allegedly requesting a cash transfer. Some of the exchanges with the impersonator also raised other red flags, as the impersonator asked questions concerning President Trump that Wiles would not have asked, as she would have already known the relevant information. In some cases, the threat actor also used suspiciously poor grammar.
Wiles was previously targeted in the final months of Trump’s 2024 presidential campaign. Threat actors believed by the US authorities to be acting on behalf of Iran approached journalists and political operatives with a variety of fake messages sent to and from Wiles, some of which were even published.
A wake-up call for all types of organizations
As Wiles is a key aide of President Donald Trump and central to the White House’s operations, the content of her personal phone would be of great interest to a range of foreign intelligence agencies and other hostile actors. This security breach can be seen as a wake-up call for other White House staffers who continue to use their personal devices to store work contacts. But it should also be a wake-up call for all types of public and private sector organizations on both sides of the Atlantic.
Most organizations still allow even senior members of staff to make work calls from their personal phones, particularly when they are away from the office. Such devices are generally easy to hack and frequently contain a wealth of information in the form of messages and even emails, in addition to a list of contact phone numbers.
While the Wiles threat actors were foolish to give themselves away through a failure to do basic social engineering research, this is not the case with more sophisticated ransomware gangs, who increasingly harness artificial intelligence (AI) to carry out extensive research on the key individuals they are targeting, tracking them across all social networks and public communications channels.
Until very recently, social engineering of this type was a lengthy and fairly skilled process involving trawling numerous social networks to painstakingly build a detailed profile of the targeted member of staff. But, as Cyber Intelligence has previously reported, off-the-shelf phishing kits now provide AI tools that can accomplish this profiling process in seconds rather than hours or days, and off-the-shelf voice-cloning software is cheap and widely available online.
Organizations should not only educate staff to be wary of unsolicited phone calls but also have firm guidelines regarding the use of personal communications devices, and should immediately ditch the bring-your-own-device (BYOD) philosophy that was widely adopted during the pandemic.