The online space makes it easier for people to pretend to be others. People can easily create fake profiles with the click of a button. Facebook says they removed 2.2 billion fake accounts in the first quarter of 2019.
Instead of hacking into your account, an attacker can just pretend to be you. Bad actors can easily take your photos and create a fake social media profile or mock up an email address that looks close to your work email. From there they can try to contact people close to you and engage in impersonation attacks.
3 Types of Impersonation Attacks
Bad actors who try to impersonate others can engage in any of the following attacks:
1. BEC/CEO Fraud: In these attacks, attackers impersonate companies or high-level executives like CEOs. They then contact employees or business partners and ask them to wire transfer money into a fraudulent account. BEC attacks are very common and losses are typically in the excess of $100,000 according to the Canadian Anti-Fraud Centre.
2. Romance Scam: Colloquially known as catfishing, this scam involves bad actors trying to woo their victims by pretending to be another person. This attack involves stealing photos from real life people and crafting a persona from those images. In some cases, an attacker will pretend to be a well-known celebrity. They build a rapport with their victim to establish trust. Once trust is established, they will concoct a story that will move the victim into giving them money.
3. Vishing: Scammers will not only impersonate people online but also through telephone calls. Vishing is a type of phishing attack where attackers call potential victims and pretend to be a government authority or help desk support. They try to scare victims by telling them they have bank, computer or fraud issues, or they will try to entice victims into giving information by saying they’ve won a prize.
What to Do If You’re Being Impersonated Online
Anyone can be a victim of online impersonation. Here are three things you can when dealing with a fake account:
1. Report the user: It’s important to try to get the fake account taken down as soon as possible. Report any false accounts that are in your name. Do not engage with the fake account. They could get hostile and end up escalating the situation to something worse.
2. Warn others: Having multiple accounts in your name can confuse your friends, family and employees. If they accidentally mistake the impostor for you, valuable data or finances could be lost. Let your contacts know that you are being impersonated. If the account is doing any specific actions, like messaging your employees to buy gift cards, make sure you warn others about these actions too.
3. Monitor for other incidents: Check for other fake accounts on other websites like LinkedIn, Twitter or Facebook. Make sure that there aren’t any other impersonators elsewhere. Continue to monitor time and time again to ensure that this doesn’t happen in the future.
How to Avoid Falling Victim to Impersonation Attacks
1. Awareness: In order to combat these attacks, you need to know what to look out for. Engaging in a security awareness course like our Secure IT – Cyber Awareness Training will help employees understand the threat landscape and learn what they can do to help build defenses.
2. Speak up: Employees may be hesitant to doubt the veracity of a message from an executive or boss but if they are receiving strange messages, it’s important to alert someone about it. Creating a good security culture in your workplace will encourage employees to speak up about potential security incidents. By directly asking the person who supposedly sent the email or having a second opinion from another co worker, it can help curb potential fraud or data leaks.
3. Increase email security: A secure email solution like Secure IT – Mail will help protect your inbox and can filter out malicious messages. This solution provides advanced security technologies like AI and SIEM to protect your inbox from threats.