Impersonation Scams: What to Know and Why the FTC is Taking Action

Key takeaways:

• Impersonation scams are when bad actors spoof phone calls, emails, texts, or social media accounts in an attempt to take your money.
• Scammers most often impersonate businesses or government agencies.
• Impersonation scams have cost consumers $1.1B this year in losses in 2024.
• The Federal Trade Commission (FTC) is cracking down on scammers with new rules that create harsher penalties.
• Download our infographic to share critical information on Impersonation Scams.

‍

Impersonation scams—the latest emerging threat to individuals and businesses—have cost victims $1.1 billion this year according to the Federal Trade Commission (FTC), tripling the reported number of losses in 2020. This has turned heads at the highest level and inspired new rules meant to curb its explosive growth.

Effective Monday, April 1, 2024, the Federal Trade Commission (FTC) announced new rules that allow the agency to bring scammers to federal court to recover stolen funds and impose harsher penalties. The proposed rules target businesses that knowingly provide services or tools to run impersonation scams, which includes cracking down on generative artificial intelligence (GenAI) platforms that create harmful deepfakes meant to swindle and trick consumers.

While this will hopefully discourage future scammers, impersonation scams will always be a risk. As businesses move their processes mostly online, scammers have more opportunities to exploit unsuspecting victims via impersonation scams. Like most forms of fraud, knowing what to look for is the key to staying safe.

Here’s what you need to know about them and how best to avoid them.

‍

What are impersonation scams?

Impersonation scams occur when a fraudster pretends to be someone you trust—like a company you know, a government office, or even a friend or family member—to fool you into giving them your money, personal information, or access to your accounts. They’ll often pressure you to act, leading you to make decisions without checking if they’re who they say they are.

Impersonation scams rely on social engineering and can take many different forms, depending on the fraudster’s target or deception strategy.

‍

What are common types of impersonation scams?

It’s important to note that all types of impersonation scams are crimes of opportunity. Fraudsters will often first profile a victim to find a weakness—impersonating whatever form will most likely generate a response or their desired end goal.  For example, the FBI IC3 reported a rise in tech support fraud in 2023, reaching $0.9B in losses. The primary victims of these scams were senior citizens, who often rely on tech support.

Impersonation scams can take many forms, but these are the most common:

• IRS or tax scams: The impersonator claims to be from the IRS or a similar tax authority and states that the victim owes back taxes and must pay immediately or face arrest or other legal action.
• Banking scams: The scammer pretends to be from the victim’s bank, claiming a problem with their account requires immediate attention, such as a suspicious transaction. They ask for account details or personal identification numbers (PINs).
• Romance scams: The scammer creates a fake online identity to gain the victim’s affection and trust. Over time, they fabricate scenarios that require financial assistance.
• Lottery or prize scams: Victims are told they've won a lottery or prize but must pay a fee or provide personal information to claim it.
• Government agency scams: Scammers pose as government officials from agencies such as the Social Security Administration, demanding personal information or payments to correct an issue with the victim’s benefits or records.
• Family or friend emergency scams: The scammer pretends to be a family member or friend in an emergency situation, often overseas, and needs money immediately.
• Tech support scams: Scammers claim to be from tech support of a well-known company, saying they’ve found a virus or security issue on the victim’s computer. 
• Phony package scams: Victims are told (often via text) that their package is unavailable for delivery and requires input—either an additional payment or personal information—to make it to its final destination.

‍

How can you spot an impersonation scam?

Like most forms of cybercrime, scammers hope you won’t stop to think about what you’re doing. They rely on speed and confusion, and they only need one victim to successfully execute their scam. An impersonation scam attempt will often contain these three characteristics:

1. It creates a sense of urgency.
2. It scares you with high stakes.
3. It preys on a specific vulnerability.

So what does that look like in practice? Let's take a look at a common example: the IRS scam.

‍
Impersonation Scam Example: IRS Scam

Let’s say you’ve received a call from “the IRS.” You don’t pick up the phone because it’s an unknown number. But you get a voicemail. 

In the recording, you hear you owe significant back taxes. The caller threatens you with legal action and says they’ll soon send law enforcement to your house if you don’t call them back to discuss repayment solutions.

Of course, it’s all a ruse. And it fits all the criteria: urgent, big risk if you don’t comply, and a specific vulnerability with some form of payment as the solution.

You might be thinking: I’d never fall for that. And you might be right. Perhaps you’re not the right target; you pay your taxes on time every year. You know you’re fine. But someone else who’s received that phone call may not feel as secure. And getting arrested for tax fraud is one of their biggest worries. So they call the scammer back, and the trap is set.

‍

‍

Scammers work at scale

Remember: every impersonation scam is a crime of opportunity. The scammer only needs to find the right victim once to pull it off. And they send these messages to hundreds of victims every day.

If you’re unsure if you’re the target of a scam, first see if it fulfills the above three-part criteria. If it does, there’s a good chance you’re the target of an impersonation scam. 

If you’re still unsure, do not call, text, or email the suspicious contact back. Instead, find a verified, first-party source (in this instance, a local IRS office, as identified through the IRS.gov website), and contact them directly.

‍

What are ways to combat impersonation scams? 

There’s no silver bullet for identifying fraud or scams. Fraudsters change their tactics often. Remember: cybercriminals are often multi-billion dollar criminal organizations; these aren’t run-of-the-mill operations.

Your best defense against impersonation scams is to stay educated. Knowing what you’re up against will ensure you’re not exposed to a new tactic or strategy you can’t recognize. Here are a few places to enhance your education and combat impersonation scams:

1. Register for To Catch a Fraudster, our monthly webinar on scams and fraud, focusing on impact in real estate.
2. Sign up for The Wire, our weekly newsletter with updates on all things cybersecurity and wire fraud.
3. Explore our helpful resources for infographics, whitepapers, articles, and more. 
4. Visit the FBI IC3 site for Consumer and Industry alerts.

‍

What if I’ve become a victim of an impersonation scam?

If you suspect you've fallen victim to an impersonation scam, don't beat yourself up. These scammers are cunning and prey on the best of us. Here's what you should do next:

• Stay calm and gather information: Take a deep breath. Collect any details you have about the scam, such as the scammer's contact information, the communication (emails, messages, calls), and what information or money you've given.
• Report it: Inform the police or your local law enforcement agency. Reporting the scam can help them track down the scammer and prevent others from being scammed. Also consider reporting to the FTC.
• Alert your bank or credit card company: If you've shared financial information or made payments, contact your bank or credit card company immediately. They can help protect your accounts, reverse any fraudulent transactions, and issue new cards if needed.
• Change your passwords: If you've given out passwords, change them as soon as possible. This goes for any account that uses the same or a similar password.
• Contact credit bureaus: Get in touch with credit bureaus to place a fraud alert on your account. This makes it harder for scammers to open new accounts in your name.
• Be wary of follow-up scams: Sometimes, scammers strike twice by pretending to help you recover your losses. Be skeptical of anyone claiming they can "help" get your money back for a fee.
• Educate yourself and others: Learn more about how these scams work and share your experience with friends and family to prevent them from becoming victims.

‍

Stay safe with CertifID

Remember, it's important to act quickly and not to be ashamed. Scammers are skilled at manipulation; falling victim doesn't mean you've failed. By taking action, you're standing against them and helping protect others. Download our free infographic to raise awareness on impersonation scams with your customers and colleagues.

For additional protection against impersonation scams and wire fraud, schedule a demo to learn how CertifID can keep you and your business safe.

‍