Social engineering attacks that employ impersonation tactics continue to plague companies. According to the FBI’s 2020 Internet Crime Report, the top 3 crimes reported in 2020 were phishing scams, non-payment/non-delivery scams, and extortion. Notably, victims lost the most money to business email compromise scams, romance and confidence schemes, and investment fraud.
What is Impersonation?
At Social-Engineer, we define impersonation as the “practice of pretexting as another person with the goal of obtaining information or access to a person, company, or computer system.”
Impersonation scams can be carried out in several ways, such as through social media platforms, phone, and email. Bad actors may also employ physical impersonation attacks with the intent to gain physical entry. Let’s look at some notable examples from 2021.
Image:The following social engineering news stories show how cybercriminals are using impersonation.
- In February or March of 2020, attackers were able to gain access to the Essex Regional Conservation Authority’s (ERCA) computers. After gaining access, they spent months spying on the organization, staff profiles, and how the organization interacted and communicated. The attackers then impersonated one of ERCA’s staff members and initiated a $292,000 phishing scam.
- A United Arab Emirates bank lost $35 million to an impersonation scam that used AI-enhanced voice simulation combined with phishing emails. According to court documents, investigators say the bank manager received a phone call that sounded like the director of the company. At the same time, the bank manager also received emails, impersonating the director, related to the phone call. This sophisticated impersonation scam is surely a warning of the dangers of deepfakes.
- On August 2, 2020, Erie County received an email from an attacker impersonating the construction company that had done work on a building in downtown Buffalo. Erie County paid out more than $100,000 to the attacker.
- As reported by HackerNews, Israeli IT and communication companies were at the center of a supply chain attack campaign. The campaign involved impersonating the firms and their Human Resources personnel to target victims with fake job offers. The goal of the impersonation and fake job offer was to penetrate the companies’ computers and gain access to their clients.
Social-Engineer Teaming Service —Test, Educate and Protect
Impersonation scams in all their forms will continue to be a threat to companies. Social-Engineer Teaming Service can help your company identify employee vulnerability to this attack vector. We conduct these tests using research-driven and scientifically-proven social engineering tactics, such as deception and influence. Performance of these tests includes using on-site impersonation, phone vishing, email phishing, and other communication means when necessary. Please contact our team for a quote.
