An impersonation attack takes place is when a digital adversary fraudulently poses as a trusted associate of the target, often as a friend, work colleague, or executive leader at the target’s company. Impersonation is where users create social media accounts mimicking a legitimate account. Impersonators are those who pretend to be someone’s popular personality (i.e. Politician, Film star, Activists or Entrepreneur, etc) or an official representative of a popular brand or a company.
Such impersonators are found across all online social platforms, which are widely used by celebrities, influencers, businesses, and public figures having different levels of popularity. Although many impersonators may be harmless, there also exist nasty fake accounts that focus on defamation or asking for donations / seeking loans / extort money as soon they are connected.
Impersonators are highly organised when it comes to impersonation, they have a focused plan and approach, produce pre-planned untrustworthy content, perform abuse or generate fake negative engagement. A wide fraud scheme in which telephone scammers impersonate the NCB and other drug enforcement agents to steal identifiable or sensitive information from victims or other health care providers. These calls will be made to online users especially who have week end party culture. Scammers use fake names and emblem figures, the names of well-known Drug Enforcement officers or police officers in original departments.
Impersonators frequently seek out social profiles discussing about (a) medical issues (b) divorce (c) a new job (d) party savvy (e) gaming (f) wanting to make a purchase (f) life style savvy (g) Technology savvy (h) Traveling and (i) Sporting etc.
India has a population of 1.40 billion people, of which 79% (1.10 billion) use mobile phones, 45% (624 million) use the internet, and 32% (448 million) use social media, with an average internet session lasting 6 hours and 26 minutes. Out of 1.10 billion internet users in India, 96.7% watch online videos, 82% watch live streaming, 52% listen to FM radio stations, and 50% listen to podcasts. It’s important to note that 86% of the consumption happens on smartphones.
General Traits of Impersonator:
- Urgent tone – Attackers need their victims to act quickly.
- Unusual requests – Getting an email to get verified in-order to receive money.
- Emphasis on confidentiality – Scammers frequently use words “private,” “confidential,” and “secret” so that you don’t disclose conversations with others.
- Incorrect email address – Most of the times scammers use email spoofing or look alike email to get into your inbox.
Recent Impersonation Attacks:
- Firstly, fraudsters create a fake account online using stolen, compromised accounts of higher officials, and fraudsters create their digital profile (DP) with the image of an enforcement officer or a senior bureaucrat. The scammer then sends WhatsApp messages to their targets, impersonating that enforcement officer or bureaucrat.
- They target individuals who are weekend party savvy, and all the data is gathered from social media portals.
- The scammers’ stories may slightly vary, but in general, they’ll tell you that they’ve seized a parcel packed with illegal drugs. It was couriered in victims name, or they set up information relating to a seized courier packed with illegal drugs, and they threaten that the victim was going to be arrested for drug trafficking and money laundering.
- If the victims don’t properly respond to their emails and WhatsApp conversations, scammers start threatening victim by sending fake notices, pretending to be law enforcement and investigation agencies, to arrest for not paying amounts. They demand payment without giving the opportunity to appeal the amount they say the victim owes.
- As part of the extortion, the fake officer comes up with the above reason for victim to transfer money to them as payment or to prove the victim willing to cooperate, and they’ll tell to transfer the money using UPI.
Few tips not to fall to impersonators:
- Use unique, complex passwords (Use special & alphanumeric characters)
- Enable (2FA) Two Factor Authentication.
- Use the features i.e. Lock / Guard, your profiles.
- Configure privacy settings for your social media platforms to control information sharing
- Never over share sensitive & personal information on social platforms.
- Avoid clicking on suspicious links, verify the link with https://isitphishing.org/
- Only connect with people that you know and trust in real life.
- Consent should be treated the same way for all offline and online
- Disable access to GPS / location feature for your social media platforms.
- Make the habit of checking complete email headers before you reply especially when you have a request for financial transaction.
Reporting impersonation on social media portals:
- Instagram – https://help.instagram.com/370054663112398
- YouTube – https://support.google.com/youtube/answer/2801947?hl=en
- Facebook – https://www.facebook.com/help/contact/169486816475808
- YouTube – https://support.google.com/youtube/answer/2801947?hl=en
- LinkedIn – https://www.linkedin.com/help/linkedin/answer/61664/reporting-fake-profiles?lang=en
Reporting impersonation on Cyber Crime Portal:
Impersonation is a crime. It involves assuming a false identity with the intent to defame or defraud or extort money or pretending to be a representative of a person or organisation. Try and Report directly to social platforms as mentioned in this article and if the gravity of the situation is much then you should complain on the national cybercrime portal, https://www.cybercrime.gov.in