Social engineering impersonation scams are a type of social engineering attack where the attacker pretends to be someone they are not in order to gain the victim’s trust and trick them into providing sensitive information or taking some other action that benefits the attacker.
We define social engineering impersonation scams as involving human-to-human interaction (as opposed, say, to an email phishing attack that involves tricking someone into clicking on a link that loads malware). Here are some examples of social engineering impersonation scams:
- Phone calls: The attacker calls the victim and pretends to be from a government agency, law enforcement, or financial institution. The attacker may demand that the victim provide sensitive information, such as their Social Security number or credit card number, or they may threaten the victim with legal action or other consequences if they do not comply.
- In-person impersonation: The attacker approaches the victim in person and pretends to be someone they are not, such as a repairman or delivery person. The attacker may then ask the victim for personal information or access to their property.
Some good examples of social engineering impersonation scams can be found here.
Social engineering impersonation scams can be very effective because they prey on people’s trust and willingness to help others. To protect yourself from these scams, it is important to be aware of the signs and to never provide personal information or take any action based on an unsolicited email, phone call, or in-person approach.
Here are some tips for avoiding social engineering impersonation scams:
- Be suspicious of unsolicited emails, phone calls, and in-person approaches. If you receive an email or phone call from someone you don’t know, or if someone approaches you in person and asks for personal information, be very careful. Do not give out any information until you have verified the person’s identity.
- Never give out your personal information over the phone. If someone calls you and asks for your Social Security number, credit card number, or other sensitive information, hang up the phone. Do not provide any information until you have verified the caller’s identity.
- Be aware of your surroundings. If someone approaches you in person and asks for personal information, stay alert to what is happening around you and trust your gut instinct. If you feel uncomfortable, do not provide any information and walk away.