Impersonation scams totaled $1.1B in losses in 2023. Here's what you need to know and how to stay safe.
Impersonation scams totaled $1.1B in losses in 2023. Here's what you need to know and how to stay safe.
Max Kirchoff
4
Fraud Prevention
Apr 11, 2024
Key takeaways:
Impersonation scams—the latest emerging threat to individuals and businesses—have cost victims $1.1 billion this year according to the Federal Trade Commission (FTC), tripling the reported number of losses in 2020. This has turned heads at the highest level and inspired new rules meant to curb its explosive growth.
Effective Monday, April 1, 2024, the Federal Trade Commission (FTC) announced new rules that allow the agency to bring scammers to federal court to recover stolen funds and impose harsher penalties. The proposed rules target businesses that knowingly provide services or tools to run impersonation scams, which includes cracking down on generative artificial intelligence (GenAI) platforms that create harmful deepfakes meant to swindle and trick consumers.
While this will hopefully discourage future scammers, impersonation scams will always be a risk. As businesses move their processes mostly online, scammers have more opportunities to exploit unsuspecting victims via impersonation scams. Like most forms of fraud, knowing what to look for is the key to staying safe.
Here’s what you need to know about them and how best to avoid them.
Impersonation scams occur when a fraudster pretends to be someone you trust—like a company you know, a government office, or even a friend or family member—to fool you into giving them your money, personal information, or access to your accounts. They’ll often pressure you to act, leading you to make decisions without checking if they’re who they say they are.
Impersonation scams rely on social engineering and can take many different forms, depending on the fraudster’s target or deception strategy.
It’s important to note that all types of impersonation scams are crimes of opportunity. Fraudsters will often first profile a victim to find a weakness—impersonating whatever form will most likely generate a response or their desired end goal. For example, the FBI IC3 reported a rise in tech support fraud in 2023, reaching $0.9B in losses. The primary victims of these scams were senior citizens, who often rely on tech support.
Impersonation scams can take many forms, but these are the most common:
Like most forms of cybercrime, scammers hope you won’t stop to think about what you’re doing. They rely on speed and confusion, and they only need one victim to successfully execute their scam. An impersonation scam attempt will often contain these three characteristics:
So what does that look like in practice? Let's take a look at a common example: the IRS scam.
Let’s say you’ve received a call from “the IRS.” You don’t pick up the phone because it’s an unknown number. But you get a voicemail.
In the recording, you hear you owe significant back taxes. The caller threatens you with legal action and says they’ll soon send law enforcement to your house if you don’t call them back to discuss repayment solutions.
Of course, it’s all a ruse. And it fits all the criteria: urgent, big risk if you don’t comply, and a specific vulnerability with some form of payment as the solution.
You might be thinking: I’d never fall for that. And you might be right. Perhaps you’re not the right target; you pay your taxes on time every year. You know you’re fine. But someone else who’s received that phone call may not feel as secure. And getting arrested for tax fraud is one of their biggest worries. So they call the scammer back, and the trap is set.
Remember: every impersonation scam is a crime of opportunity. The scammer only needs to find the right victim once to pull it off. And they send these messages to hundreds of victims every day.
If you’re unsure if you’re the target of a scam, first see if it fulfills the above three-part criteria. If it does, there’s a good chance you’re the target of an impersonation scam.
If you’re still unsure, do not call, text, or email the suspicious contact back. Instead, find a verified, first-party source (in this instance, a local IRS office, as identified through the IRS.gov website), and contact them directly.
There’s no silver bullet for identifying fraud or scams. Fraudsters change their tactics often. Remember: cybercriminals are often multi-billion dollar criminal organizations; these aren’t run-of-the-mill operations.
Your best defense against impersonation scams is to stay educated. Knowing what you’re up against will ensure you’re not exposed to a new tactic or strategy you can’t recognize. Here are a few places to enhance your education and combat impersonation scams:
If you suspect you've fallen victim to an impersonation scam, don't beat yourself up. These scammers are cunning and prey on the best of us. Here's what you should do next:
Remember, it's important to act quickly and not to be ashamed. Scammers are skilled at manipulation; falling victim doesn't mean you've failed. By taking action, you're standing against them and helping protect others. Download our free infographic to raise awareness on impersonation scams with your customers and colleagues.
For additional protection against impersonation scams and wire fraud, schedule a demo to learn how CertifID can keep you and your business safe.
VP of Product
Max is a multi-disciplinary technologist who combines broad domain knowledge with deep focus on complex B2B products and platforms. He has delivered products from early-stage prototypes to large-scale solutions for both startups and large enterprises. Max excels in collaboration informed by emotional intelligence, pro-social critical thinking, and dignity. Max has worked on products and project with companies that include Google, Brightside Health, The Zebra, Lifion by ADP, Revel, Mirra, Gannett, and Microsoft.
Key takeaways:
Impersonation scams—the latest emerging threat to individuals and businesses—have cost victims $1.1 billion this year according to the Federal Trade Commission (FTC), tripling the reported number of losses in 2020. This has turned heads at the highest level and inspired new rules meant to curb its explosive growth.
Effective Monday, April 1, 2024, the Federal Trade Commission (FTC) announced new rules that allow the agency to bring scammers to federal court to recover stolen funds and impose harsher penalties. The proposed rules target businesses that knowingly provide services or tools to run impersonation scams, which includes cracking down on generative artificial intelligence (GenAI) platforms that create harmful deepfakes meant to swindle and trick consumers.
While this will hopefully discourage future scammers, impersonation scams will always be a risk. As businesses move their processes mostly online, scammers have more opportunities to exploit unsuspecting victims via impersonation scams. Like most forms of fraud, knowing what to look for is the key to staying safe.
Here’s what you need to know about them and how best to avoid them.
Impersonation scams occur when a fraudster pretends to be someone you trust—like a company you know, a government office, or even a friend or family member—to fool you into giving them your money, personal information, or access to your accounts. They’ll often pressure you to act, leading you to make decisions without checking if they’re who they say they are.
Impersonation scams rely on social engineering and can take many different forms, depending on the fraudster’s target or deception strategy.
It’s important to note that all types of impersonation scams are crimes of opportunity. Fraudsters will often first profile a victim to find a weakness—impersonating whatever form will most likely generate a response or their desired end goal. For example, the FBI IC3 reported a rise in tech support fraud in 2023, reaching $0.9B in losses. The primary victims of these scams were senior citizens, who often rely on tech support.
Impersonation scams can take many forms, but these are the most common:
Like most forms of cybercrime, scammers hope you won’t stop to think about what you’re doing. They rely on speed and confusion, and they only need one victim to successfully execute their scam. An impersonation scam attempt will often contain these three characteristics:
So what does that look like in practice? Let's take a look at a common example: the IRS scam.
Let’s say you’ve received a call from “the IRS.” You don’t pick up the phone because it’s an unknown number. But you get a voicemail.
In the recording, you hear you owe significant back taxes. The caller threatens you with legal action and says they’ll soon send law enforcement to your house if you don’t call them back to discuss repayment solutions.
Of course, it’s all a ruse. And it fits all the criteria: urgent, big risk if you don’t comply, and a specific vulnerability with some form of payment as the solution.
You might be thinking: I’d never fall for that. And you might be right. Perhaps you’re not the right target; you pay your taxes on time every year. You know you’re fine. But someone else who’s received that phone call may not feel as secure. And getting arrested for tax fraud is one of their biggest worries. So they call the scammer back, and the trap is set.
Remember: every impersonation scam is a crime of opportunity. The scammer only needs to find the right victim once to pull it off. And they send these messages to hundreds of victims every day.
If you’re unsure if you’re the target of a scam, first see if it fulfills the above three-part criteria. If it does, there’s a good chance you’re the target of an impersonation scam.
If you’re still unsure, do not call, text, or email the suspicious contact back. Instead, find a verified, first-party source (in this instance, a local IRS office, as identified through the IRS.gov website), and contact them directly.
There’s no silver bullet for identifying fraud or scams. Fraudsters change their tactics often. Remember: cybercriminals are often multi-billion dollar criminal organizations; these aren’t run-of-the-mill operations.
Your best defense against impersonation scams is to stay educated. Knowing what you’re up against will ensure you’re not exposed to a new tactic or strategy you can’t recognize. Here are a few places to enhance your education and combat impersonation scams:
If you suspect you've fallen victim to an impersonation scam, don't beat yourself up. These scammers are cunning and prey on the best of us. Here's what you should do next:
Remember, it's important to act quickly and not to be ashamed. Scammers are skilled at manipulation; falling victim doesn't mean you've failed. By taking action, you're standing against them and helping protect others. Download our free infographic to raise awareness on impersonation scams with your customers and colleagues.
For additional protection against impersonation scams and wire fraud, schedule a demo to learn how CertifID can keep you and your business safe.
VP of Product
Max is a multi-disciplinary technologist who combines broad domain knowledge with deep focus on complex B2B products and platforms. He has delivered products from early-stage prototypes to large-scale solutions for both startups and large enterprises. Max excels in collaboration informed by emotional intelligence, pro-social critical thinking, and dignity. Max has worked on products and project with companies that include Google, Brightside Health, The Zebra, Lifion by ADP, Revel, Mirra, Gannett, and Microsoft.