If you’re going to impersonate an officer, perhaps choose a more sophisticated way to nick cash than asking for gift cards…
# Incident Report: Impersonation of PSNI Switchboard via Caller ID Spoofing
## Executive Summary
Scammers used Caller ID spoofing to impersonate the Police Service of Northern Ireland (PSNI) switchboard number in a social engineering campaign. The attackers attempted to coerce victims into sharing banking details and purchasing gift cards by fabricating a criminal investigation linked to the victim's name. In this specific instance, the victim recognized the "gift card" request as a red flag and no financial loss occurred.
## Incident Details
- **Discovery Date:** Monday afternoon (June 1, 2026, based on article context)
- **Incident Date:** June 1, 2026
- **Affected Organization:** Police Service of Northern Ireland (PSNI) (Impersonated)
- **Sector:** Public Sector / Law Enforcement
- **Geography:** Northern Ireland, UK
## Timeline of Events
### Initial Access
- **Date/Time:** Monday afternoon.
- **Vector:** Telephony (Vishing).
- **Details:** Attackers placed a call to a member of the public using a spoofed phone number matching the PSNI switchboard.
### Lateral Movement
- **N/A:** This was an external social engineering attack targeting the public rather than a network intrusion.
### Data Exfiltration/Impact
- **Targeted Data:** Personal banking details and financial assets (via gift card codes).
- **Outcome:** Unsuccessful in the primary reported case; however, the PSNI reported a separate related incident involving a £250,000 loss via a crypto-scam and malware.
### Detection & Response
- **Detection:** The targeted individual became suspicious when the "officer" requested gift cards as part of an investigation.
- **Response Actions:** The victim blocked the caller and reported the incident to the PSNI. The PSNI issued a Public Service Announcement (PSA) to warn the community.
## Attack Methodology
- **Initial Access:** Vishing (Voice Phishing) and Caller ID Spoofing.
- **Persistence:** N/A.
- **Privilege Escalation:** N/A.
- **Defense Evasion:** Use of a "trustworthy" official switchboard number to bypass victim skepticism.
- **Credential Access:** Social engineering aimed at soliciting bank card information.
- **Discovery:** Scammers used fabricated "investigation details" regarding money transfers to narcotics-related countries to create urgency.
- **Lateral Movement:** N/A.
- **Collection:** Requesting gift card codes and bank details.
- **Exfiltration:** Manual transfer of gift card codes by the victim (prevented).
- **Impact:** Financial fraud / Theft.
## Impact Assessment
- **Financial:** No loss in the primary reported vishing case; £250,000 loss in the secondary mentioned crypto-scam.
- **Data Breach:** None reported; sensitive personal details were protected by the victim's vigilance.
- **Operational:** Minimal disruption to PSNI operations, although the public warning required public relations resources.
- **Reputational:** High risk of erosion of public trust in official police communications.
## Indicators of Compromise
- **Network indicators:** PSNI switchboard number displayed as the spoofed caller ID: 028 9065 0222. This is the genuine switchboard line, so it identifies the impersonated party rather than the attacker.
- **File indicators:** N/A (Note: Secondary crypto-scam mentioned unspecified malware).
- **Behavioral indicators:** Request for payment via gift cards; request for bank card details over the phone; claims of urgency involving "narcotic-related countries."
## Response Actions
- **Containment:** Public warned via media and official PSNI channels.
- **Eradication:** Follow-up inquiries by the Serious Crime Branch to identify the perpetrators.
- **Recovery:** Education of the public on legitimate police procedures (e.g., police will never ask for gift cards).
## Lessons Learned
- **Red Flag Identification:** The request for non-standard payment (gift cards) remains a primary indicator of fraud for the public.
- **Trustworthiness of Caller ID:** Caller ID is easily manipulated and should not be used as the sole means of verifying identity.
- **Public Vigilance:** The victim's decision to block the caller and report the incident prevented financial loss.
## Recommendations
- **Verification:** If a call seems suspicious, advise the public to hang up and call the department back using a number found on its official website.
- **Telephony Security:** Implementation of STIR/SHAKEN protocols by service providers to reduce the efficacy of Caller ID spoofing.
- **Security Awareness:** Continued PSA campaigns highlighting that no government agency or law enforcement body will ever request payment via gift cards or cryptocurrency.