Cyber security tips

Imitating a person, brand or organisation – how impersonation scams work

Impersonation scams are the act of fraudulently posing as a person, organisation, or brand in order to trick a potential victim into taking an action or obtaining an unfair gain from them.

A scammer will make direct contact with potential victims via text/SMS, phone call or email, or they can leave a trap online, such as posting from a replica social media account or publishing ads for fake websites. Some scams can even take place in person, such as door knocking a home or business, or intercept on the street pressuring for ‘survey’ participation.

Through the contact, a scammer will identify themselves as a person or entity you already trust:

  • Government bodies
  • Your employer
  • Banks and financial institutions
  • Charities
  • Your friends and family.

By misleading you into believing they are or represent one of the above, they can then proceed to sell fake or counterfeit goods, steal sensitive data, or trick you into paying them money.

Example impersonation scams and warning signs

  • A business you deal with suddenly asks you to pay into a different bank account from the last one you used for payment.
  • You receive contact from a government department or law enforcement agency threatening imminent arrest or deportation, or demand immediate payment for an unfamiliar debt.
  • The owner or CEO of a company you work for, who you don’t normally have day-to-day dealings with, emails you a request to provide them with sensitive commercial information or to settle an invoice urgently.
  • A family member texts you from a new number or via a messaging app like WhatsApp and say they have a new phone; they desperately need you to help with money to get them out of a crisis.
  • A social account for a brand you love posts an ad for an exclusive social only sale with big discounts, where you arrange to buy their products via direct messages and bank transfer, rather than via their official website’s shop.
  • A representative from your bank calls to say your account has been compromised, and you’ll need to transfer money to an account they nominate to ‘keep it safe’ pending their investigation.

How to protect yourself

  • Don’t rush to act – always stop and think about who has contacted you, what they are asking you to do, and if their action falls into line with their regular behaviour or processes.
  • Immediately terminate contact with anyone who tries to intimidate or threaten you.
  • Check communications are real by contacting the organisation or person directly using your own saved contact details or that found on an organisation’s website.
  • Pay close attention to website URLs and caller IDs for odd or varying numbers or special characters and alternating spelling.
  • If you’re unsure about the call you have answered, don’t provide any information to verify your identity. Hang up and call the official phone number for an organisation to validate the contact you received.
  • Avoid opening unexpected attachments or clicking on unexpected links in emails and text messages.
  • If a family relation or friend contacts you out of the blue saying they have a new number, try to call the number you have stored for them, or contact them via their social media historically connected to you. You can also reply directly asking a question only they would know answer to.

If you think you’ve been scammed

  • Contact your financial institution to make a scam report and to stop any transactions and secure your account(s).
  • Change all your passwords for all your devices and online accounts – think email, banking, government portals and shopping.
  • Access help:
    • In Australia, contact IDCARE, who provide free recovery support for those who have been affected by scams and fraudulent activity, including cyber-crime and identity theft.
    • In the UK, reach out to Victim Support for independent, free, and confidential advice for victims of scams and other crimes.
  • Report the scam:
    • In Australia, to the National Anti-Scam Centre via the Scamwatch website.
    • In the UK, to Action Fraud, the national fraud and cyber-crime reporting centre.

Impersonation scams are just one of many types of scams to be aware of. You can read more about the other types of scams here.