Scammers posing as Federal Trade Commission employees have adopted a new trick: texting photos of fake government IDs to convince targets they are dealing with a real federal agent. The FTC issued a consumer alert in June 2026 spelling out that no legitimate employee of the agency will ever send a photo of an employee ID by text or WhatsApp. The warning arrives alongside fresh data showing that people reported losing $3.5 billion to imposter scams in 2025, a figure that reflects how profitable these schemes remain even after the agency finalized its Impersonation Rule in 2024.
Why fake photo IDs are the latest weapon in imposter scams
The shift toward texted photo IDs represents a logical adaptation by fraud operators. After the FTC finalized the Impersonation Rule in 2024, enforcement actions and public education campaigns made consumers more skeptical of cold calls and suspicious emails. A phone call from someone claiming to be a government agent now triggers alarm bells for many people. Scammers responded by raising the perceived authenticity of their outreach, and a photo of an official-looking badge or credential card delivered straight to a phone screen serves that purpose. The image creates an illusion of transparency that a voice on the phone cannot match.
The FTC’s June 2026 alert addresses this tactic head-on. According to the agency, real employees will not contact people by text or WhatsApp, will not text a photo of an employee ID to verify their identity, and will not offer to recover scam losses while asking for payment, transfers, or financial information. Those three bright-line rules give consumers a quick filter: if someone does any of those things, the contact is fraudulent, period.
The $3.5 billion in reported imposter-scam losses during 2025, disclosed in a separate FTC press release, shows the scale of the problem the rule was designed to address. That figure covers all imposter scams, not just FTC impersonation, but it reflects the broader ecosystem in which fake-ID texts thrive. Scammers exploit the same psychological pressure across variants: urgency, authority, and fear of financial loss. Whether the pitch involves supposed unpaid taxes, frozen bank accounts, or bogus prize winnings, the photo ID is there to make the story feel official enough that a hurried recipient might not pause to question it.
How scammers weaponize real names and fake credentials
The photo-ID gambit does not operate in isolation. The FTC has documented that scammers routinely use employee ID numbers and names of real officials to bolster their cover stories. Pairing a real name with a fabricated credential image makes the deception harder to spot, especially for someone who has never interacted with a federal agency before. Victims who search the name online may find a legitimate profile, which reinforces the scammer’s story and makes the fake badge seem more plausible.
Some scammers also layer in references to recent enforcement actions or consumer refunds to sound informed and sympathetic. A text might claim that the FTC has identified the recipient as a victim in a previous case and now needs banking details to process a reimbursement. The fake ID photo is presented as proof that the sender is “really” from the agency and is authorized to help. In reality, the scammer is simply harvesting sensitive information for the next stage of fraud.
A related layer of the scheme involves promises to recover money that a victim previously lost to fraud. The FTC’s guidance on government impersonation states plainly that government agencies will not contact people by phone, email, text, or social media to ask for money or personal information. Legitimate agencies will not charge fees to help retrieve a refund, and they will not request bank account numbers to deposit one. Any request for upfront payment or financial details in exchange for recovering past losses is itself a scam.
Reports submitted through ReportFraud.ftc.gov feed into the agency’s Consumer Sentinel Network, a database shared with law enforcement agencies nationwide. The FTC uses those reports for investigations, education, and analysis. That pipeline means a single report from one targeted consumer can contribute to a broader enforcement action, but it also means the agency depends on people actually filing complaints to track emerging tactics like the photo-ID text.
Gaps in tracking and what consumers should do first
One significant limitation is that publicly available FTC data does not yet isolate how many imposter-scam reports specifically mention texted photo IDs or WhatsApp-based verification attempts. The Consumer Sentinel Network tracks broad categories of fraud, but granular breakdowns by communication method and specific tactic lag behind the speed at which scammers innovate. Without that data, it is difficult to measure whether the photo-ID approach is a niche technique or an accelerating trend.
The 2024 Impersonation Rule gave the FTC authority to pursue civil penalties against people who impersonate government agencies or businesses. Yet enforcement outcomes tied directly to text-based impersonation complaints have not been detailed in public records reviewed for this report. That gap leaves open the question of whether the rule’s deterrent effect is keeping pace with the tactical evolution it was partly designed to counter. For now, the agency appears focused on warning consumers quickly when new methods surface, hoping that awareness can blunt the impact even before formal cases are brought.
For anyone who receives a text from someone claiming to be an FTC employee, the first step is straightforward: do not respond, do not send money or personal information, and do not click any links in the message. Instead, consumers should independently navigate to official websites in their browser rather than using links provided in a text or chat app. The agency directs people to file a report at ReportFraud.ftc.gov, and anyone who suspects identity theft can visit IdentityTheft.gov to create a recovery plan and get personalized checklists.
Verification should always happen on the recipient’s terms. If a person is unsure whether any government contact is legitimate, they can look up the agency’s official phone number on their own and call back, or use published contact forms on official domains. They should not rely on numbers, email addresses, or links supplied by the person who reached out unexpectedly. In the case of the FTC, consumers can also find information in Spanish and other languages at the agency’s multilingual portal, which offers the same core guidance tailored to different communities.
Basic digital hygiene adds another layer of protection. Keeping operating systems and messaging apps updated can reduce exposure to malware that might be delivered through malicious links embedded in scam texts. Using strong, unique passwords and turning on multi-factor authentication for banking and email accounts can limit the damage if a scammer does manage to obtain some personal details. While these steps cannot stop an impersonation attempt from arriving, they can make it harder for a fraudster to turn one successful deception into a broader identity theft episode.
Ultimately, the rise of texted photo IDs underscores a familiar pattern: as regulators and consumers adapt to one wave of fraud, scammers adjust their scripts and tools to restore the illusion of legitimacy. The FTC’s message is that no single artifact-a badge photo, a case number, a reference to a real official-should override common-sense checks. Government agencies do not demand payment or personal data out of the blue, and they do not prove their identity by texting pictures of their credentials. Recognizing that disconnect, and reporting it when it appears, remains one of the most effective ways for consumers to protect themselves and help enforcement keep pace with the next iteration of the scam.
More from Morning Overview
*This article was researched with the help of AI, with human editors creating the final content.