What are imposter scams?

Scammers create fraudulent websites to impersonate trusted figures and deceive victims into revealing sensitive information. They exploit trust, urgency, and fear to manipulate individuals and businesses into making payments or disclosing sensitive data.

Imposter scams have become one of the costliest types of fraud. In 2023 alone, U.S. consumers lost over $2.7 billion—or 27% of the $10 billion lost to all types of fraud in the same year.

Definition of Imposter Scams

Imposter scams are a type of fraud where scammers pretend to be someone else, often a government official, financial institution, or trusted individual, to trick victims into sending money or divulging personal information. These scams can take many forms, including phone calls, emails, text messages, and social media messages. Scammers pretend to be credible sources to create a sense of urgency or panic, making it difficult for victims to think clearly and make rational decisions. The goal is to manipulate the victim into acting quickly, often resulting in financial loss or compromised personal information.

How imposter scams work

Imposter scams typically follow a recognizable pattern. The scammer impersonates a trusted source and uses pressure tactics to make the victim act quickly. Scammers may manipulate caller ID to appear as if they are contacting potential victims from legitimate government or business numbers.

The process usually follows these key steps:

• Contact: The scammer reaches out via phone, email, text, or social media message.
• Impersonation: They claim to be from a trusted entity, such as a government agency, bank, or company executive.
• Urgency or threats: Scammers use social engineering tactics to create a sense of urgency and often threaten fines, arrests, or service interruptions.
• Request for payment or data: The victim is then asked to send money, disclose personal information, or provide access to one of their accounts.

Common types of imposter scams

While imposter scams come in many shapes and sizes, here are three types most likely to affect businesses.

Government imposter scams

Government impersonation scams are one of the most common imposter scams. Here, scammers pose as government officials and claim the victim owes taxes or fines. Victims are then told to pay via wire transfer, cryptocurrency, gift cards or some other less traceable payment method. Scammers may claim individuals could miss out on some government benefit if they fail to comply with fraudulent requests for personal information or payments.

Government agencies, however, do not demand payment through these methods, which makes such requests an obvious red flag. Scammers create a sense of urgency by threatening consequences, such as arrest or suspension of benefits, unless the victim pays immediately, often demanding unconventional payment methods.

Business email compromise (BEC) scams

BEC scams target businesses and financial teams. Fraudsters impersonate executives or vendors and request urgent payments or bank detail changes.

For example, an accounts payable clerk may receive an email from the “CEO” requesting an immediate wire transfer.

Scammers create a sense of urgency by demanding that the victim pay immediately, often bypassing standard approval processes.

One indicative sign of a BEC scam is a request for immediate payment that bypasses standard approval processes.

Tech Support Scams and Personal Information Risks

In a tech support scam, individuals may be alerted by a pop-up or message that claims malware has been detected. Victims are prompted to call a phone number where scammers demand payment for “technical support” services.

Scammers often create fraudulent websites that appear legitimate to deceive victims into calling for these ‘technical support’ services.

Note that legitimate companies do not send pop-up alerts asking users to call for urgent technical support.

Warning Signs of Imposter Scams

There are several warning signs that can help you identify an imposter scam. These include:

• Unsolicited contact from someone claiming to be a trusted individual or organization.
• Requests for money or sensitive information.
• Pressure to act quickly or urgently.
• Lack of personalization or familiarity in the communication.
• Suspicious emails or text messages.
• Unexpected phone calls or texts asking for personal information or money.
• Websites that look similar to legitimate websites but have slight differences.
• Scammers using fake or stolen identities.

Recognizing these red flags can help you avoid falling victim to an imposter scam and protect your personal information.

How Government Agencies Handle Communications

Government agencies, such as the Federal Trade Commission (FTC), Social Security Administration, and Internal Revenue Service (IRS), have strict protocols for communicating with the public. Here are some key things to know:

• Government agencies will never contact you and ask for money or personal information, such as your Social Security number or bank account number.
• Government agencies will never threaten to suspend or cancel your government benefits if you don’t pay a fine or fee.
• Government agencies will never ask you to transfer money to a different account or send money via gift card or cryptocurrency.
• Government agencies will always provide you with a clear and legitimate way to verify their identity and the authenticity of their communication.

Understanding these protocols can help you identify and avoid government imposter scams.

How to detect imposter scams using Caller ID

Recognizing the warning signs of an imposter scam can prevent financial loss. Key signs to watch for include:

• Requests for urgent payments or financial help via gift cards, cryptocurrency, or wire transfers.
• Emails or calls from unfamiliar contacts with a sense of urgency or threats of legal action or service interruption.
• Suspicious changes to vendor payment details that aren’t part of the normal process.
• Untraceable payment requests.
• Requests for personal information such as passwords or bank account numbers.
• Scammers manipulating caller ID to appear as if they are contacting potential victims from legitimate government or business numbers.

How to prevent imposter scams

Preventing imposter scams requires proactive security measures and proper training for employees. Here are some key prevention strategies:

Strategy 1 – Education

Education is paramount since scammers often rely on a victim’s lack of knowledge. To strengthen employee awareness, companies should:

• Train employees to recognize red flags like urgent payment requests from unfamiliar contacts.
• Conduct phishing simulations where employees are rated on their ability to both identify and respond to imposter scams.
• Create protocols for verifying unusual requests, such as confirmation through official contact methods.

Strategy 2 – MFA

Multi-factor authentication (MFA) can also prevent scammers from obtaining access to online accounts. Key recommendations include:

• MFA on all business email accounts – particularly for those employees with access to payment systems and vendor data. Likewise for remote access to financial tools and ERP software.
• Implementation of authenticator apps to prevent imposter fraud from a SIM-swapping attack.

Strategy 3 – Vendor verification

Vendor impersonation scams – where attackers pose as legitimate suppliers – are one of the most common forms of business-related imposter fraud. To prevent vendor impersonation scams, businesses should:

• Require employees to verify all requests to change vendor payment details. Employees should call the vendor directly using a number on file (and not the number provided in the request).
• Use vendor management portals where vendors update their payment information securely.
• Implement an approval process for all vendor payment changes that incorporates multiple layers of verification.

Reporting Imposter Scams

If you suspect that you have been a victim of an imposter scam, it’s essential to report it to the relevant authorities. Here are some steps you can take:

• Report imposter scams to the Federal Trade Commission (FTC) online at ReportFraud.ftc.gov.
• Report imposter scams to the FBI’s Internet Crime Complaint Center (IC3) at www.ic3.gov.
• Contact your financial institution and report any suspicious activity on your account.
• Share information with your friends and family to help them avoid falling victim to the same scam.

Remember, reporting imposter scams can help prevent others from falling victim to the same scam and can also help law enforcement agencies track down and prosecute scammers.

Consequences of imposter scams

The consequences of imposter scams can be severe, impacting both individuals and organizations. As documented earlier, financial losses from imposter scams are substantial.

Companies hit with BEC attacks often face even larger financial losses, with these scams the second costliest category of cybercrime in 2023. In New Jersey, for example, 628 businesses lost an average of $223,041.73.

Data breaches often occur as a result of impersonation. Fraudsters may steal a victim’s bank account details or login credentials to commit identity theft or obtain unauthorized access to accounts.

Reputational damage is another major consequence, with businesses known to have been impersonated losing the trust of customers, vendors, and other stakeholders. This loss of confidence can have a long-term impact on client relationships and growth.

Key Takeaways and How to Report Imposter Scams

• Imposter scams involve fraudsters posing as trusted individuals or organizations to deceive victims into making payments or sharing sensitive information.
• Types of imposter scams most likely to impact businesses include government impersonation, business email compromise (BEC), and tech support scams.
• Prevention measures like employee training, multi-factor authentication, and vendor payment verification reduce the risk of falling victim to imposter scams.