Key Takeaways
Impersonation scams are multi-channel and high-impact. They exploit email, phone, chat, and social media to pose as executives, vendors, or tech support to drive fraudulent payments, identity theft, and data leaks.
Process plus hygiene stops most attempts. Out-of-band verification for payments and account changes, MFA everywhere, disciplined helpdesk identity checks, and a clear incident plan sharply reduce risk and loss.
Group-IB Digital Risk Protection removes fake domains/profiles and phishing assets, and Fraud Protection uses device fingerprinting, behavior analytics, and phone Call ID to detect and block impersonation in real time.

What is an Impersonation Scam?

An impersonation scam is a fraud scheme in which a perpetrator poses as a trusted individual or entity, such as a bank, United States government office, service provider, or family member, to obtain contact information, credentials, or payments from the target.

Scammers typically use channels like phone, email, text, or social media and may spoof caller IDs, emails, or profiles to appear legitimate.

Such attacks can ultimately lead to financial losses, reputational damage, and financial information leaks, not to mention the emotional toll on employees and customers. To safeguard your business, it is crucial to understand how impersonation fraud operates and to implement adequate preventive measures.

Types of Imposter Scams

Let’s take a look at the main types of imposter scams used, which can vary depending on the pretext involved:

1. CEO Fraud

Attackers pose as your CEO/GM via look-alike email, WhatsApp, or even a hijacked real account. The message leans on a sense of urgency and secrecy to push wire transfers, gift cards, or payroll data.

How it plays out: “Board needs funds cleared in 30 minutes. Confidential. Reply only to me.” Finance does the transfer; the money takes a one-way flight.

  • Ubiquiti Networks disclosed a $46.7M loss after spoofed executive emails triggered international transfers, classic BEC with executive impersonation.
  • Mattel nearly lost $3 million when an email impersonating the new CEO requested a vendor payment to China; the funds were recovered thanks to a bank holiday and a swift escalation.

2. Vendor or supplier impersonation

Criminals imitate a trusted supplier (domain doppelgänger, spoofed invoices, compromised mailbox) and redirect payments to their financial accounts.

How it plays out: Invoice looks legitimate, PO numbers match, only the bank details “recently changed.”

  • Facebook & Google lost over $120M to a fake “Quanta Computer” look-alike run by Evaldas Rimasauskas (2013–2015). He sent convincing invoices and contracts; both firms paid with account information. U.S. DOJ: 60-month sentence.
  • Toyota Boshoku (Toyota supplier) reported a $37M loss after a single manipulated transfer request. 

3. Customer impersonation

Attackers pretend to be one of your customers trying to “recover access” in order to trick support into changing details, issuing refunds, or disclosing data. The flavor most well-known companies see is SIM-swap or account-reset social engineering, where the scammer impersonates the customer to your telco or helpdesk.

How it plays out: “I’m locked out, new number, urgent travel,” plus a few cribbed KBA answers from data leaks. Support resets MFA/SIM; attacker drains accounts.

  • SIM-swap judgments & incidents: T-Mobile paid $33M in a SIM-swap arbitration after a customer’s number was ported and crypto stolen, textbook “customer” impersonation to a support channel.
  • @jack (Twitter CEO) SIM-swap (2019): attackers convinced a carrier to move his number; then used tweet-by-SMS to post from his account. It’s the same playbook used against ordinary customers.

4. Law enforcement & government agency impersonation

Scammers pose as tax authorities or police, threaten fines/arrest, and push immediate payments or data “to avoid legal consequences.”

How it plays out: Caller ID spoofing, badge numbers, and a stern tone. They’ll demand wire transfers, gift cards, or remote access to “verify” systems.

U.S. DOJ charged and later sentenced members of India-based call centers that impersonated IRS officials and extracted millions from U.S. victims. 

5. Bank Impersonation

Criminals pose as your bank’s fraud team and rush you to move funds to a “safe account” or reveal OTPs. In the UK, this falls under Authorized Push Payment (APP) fraud.

How it plays out: Victim gets a “fraud alert” call, then a helpful “bank agent” guides them through moving money, straight to the crooks.

  • UK Finance: £1.17B stolen via authorized + unauthorized fraud in 2024; APP losses remain a major chunk, with detailed breakdowns of police/bank staff impersonation trends. 
  • Financial Ombudsman case: Customer tricked into moving money to a “safe” account after a telecoms-impersonation pretext, useful to show adjudication outcomes. 

6. Tech Support Scams

Group-IB analysts uncovered a large impersonation campaign on Facebook. Fake profiles and pages pose as Meta or Facebook support, post in many languages, and push victims to look-alike official websites. The goal is simple: take over high-value accounts by stealing credentials, bank account numbers, or session cookies.

Main highlights

  • Scale: 3,200+ fake profiles/pages identified across 23 languages.
  • Spike: 1,200+ fake profiles found in March 2023 alone.
  • Setup: Accounts are newly created or already compromised and reused for phishing.
  • Infrastructure: 220+ phishing sites mimicking official Meta/Facebook pages, often built on cheap or fake website platforms.
  • Tactics: Credential phishing and session hijacking via stolen browser cookies.

How To Prevent And Mitigate Imposter Scams?

Like other types of social engineering attacks, imposter scams are almost impossible to eliminate as they are based on human error. Companies should introduce a set of security measures to stay ahead of imposter fraud. Key recommendations include:

  • Train employees to identify red flags associated with impersonation scams, such as urgent requests, atypical invoices, suspicious language, and unfamiliar email addresses.
  • Use Multi-factor Authentication (MFA) for all critical accounts and systems to add an extra layer of security.
  • Establish verification procedures for any requests involving wire transfers, personal information, and changes to vendor accounts.
  • Foster a culture of cybersecurity awareness within the organization and encourage employees to report any suspicious activity.
  • Implement robust data security measures, including encryption and access controls, to safeguard sensitive information.
  • Maintain up-to-date software and security patches to address vulnerabilities that scammers can exploit.
  • Develop a clear and actionable incident response plan to handle potential scams and minimize damage.
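
An added example (not part of the original article and not Group-IB code) of the verification procedure recommended above, applied to the vendor-impersonation pattern where the invoice looks right and only the bank details have changed. The vendor name, domain, IBAN, and function names are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Constructed vendor master record: the domain and bank account on file.
VENDOR_MASTER = {
    "Example Components Ltd": {"domain": "example-components.com",
                               "iban": "GB00TEST00000000000001"},
}

# Small look-alike folding table; a production list would be far larger.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "|": "l"})

def skeleton(domain: str) -> str:
    """Fold common look-alike characters so 'examp1e' compares equal to 'example'."""
    d = domain.lower().strip(".").translate(CONFUSABLES)
    return d.replace("rn", "m").replace("vv", "w")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

@dataclass
class Invoice:
    vendor: str
    sender: str   # From address of the email that carried the invoice
    iban: str

def review(inv: Invoice) -> list[str]:
    """Return the reasons to hold a payment for out-of-band verification."""
    rec = VENDOR_MASTER.get(inv.vendor)
    if rec is None:
        return ["unknown vendor"]
    reasons = []
    domain = inv.sender.rsplit("@", 1)[-1].lower()
    if domain != rec["domain"]:
        close = (skeleton(domain) == skeleton(rec["domain"])
                 or edit_distance(domain, rec["domain"]) <= 2)
        reasons.append("look-alike sender domain" if close else "unexpected sender domain")
    # A compromised real mailbox passes the domain check, so changed bank
    # details are a hold reason on their own.
    if re.sub(r"\s+", "", inv.iban).upper() != rec["iban"]:
        reasons.append("bank details differ from vendor master")
    return reasons
```

Any non-empty result means the payment waits until someone confirms the change using a phone number already on file, not one taken from the invoice or email.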

Can Group-IB Secure Businesses Against Impersonation Scams?

Quick prevention beats lengthy post-mortems. Group-IB found a large Facebook impersonation campaign involving over 3,200 fake profiles and pages in 23 languages, including 1,200+ in March 2023.

Scammers used newly created or hijacked accounts and ran 220+ look-alike phishing sites to steal passwords or browser cookies. Posts posed as “Meta/Facebook Support,” tagged many pages, and linked to fake “verification” forms.

Imposter scams are on the rise. They pose a threat to your team members, customers, and users. Basic security measures are a must for any company or user. Still, if you want to make sure that your employees, customers, and valuable assets are secure, you’ll need something more robust and proactive.

Here’s how Group-IB can help you in 3 ways:

  • Group-IB Digital Risk Protection fights CEO financial fraud and other brand impersonation attacks effectively and efficiently. The solution monitors for signs of brand abuse online in real time and promptly detects and blocks any threats that could lead to impersonation scams.
  • Group-IB Cybersecurity Training includes pragmatic and practical workshops and courses from security practitioners to raise government employee awareness of social engineering attacks and stop them from falling victim to impersonation scams.
  • Group-IB Fraud Protection offers sophisticated protection against even the most advanced impersonation attacks. Its device fingerprinting technology and behavior analytics function identify anomalies in user behavior and devices being used that could point to an impersonation attempt. The Call ID technology helps detect scam calls on mobile devices and prevent fraudulent transactions.

Solutions for Scam Protection

Threat actors often employ a combination of various scam techniques, making them particularly effective and dangerous. Group-IB offers a full pack of complementary anti-scam solutions and fraud prevention services specifically put together to protect your business against impersonation attacks and other types of scams.