Cyber Talk: Impersonation attacks on the rise
Here are some ways to keep fake accounts at bay
Published Date - 20 December 2022, 12:45 AM
An impersonation attack takes place when a digital adversary fraudulently poses as a trusted associate of the target, often as a friend, work colleague or executive leader at the target’s company.
Impersonation is where users create social media accounts mimicking legitimate accounts.
Impersonators are those who pretend to be someone’s popular personality (i.e. politician, film star, activist, entrepreneur, etc.) or an official representative of a popular brand or company.
Such impersonators are found across all online social platforms that are widely used by celebrities, influencers, businesses and public figures. Although many impersonators may be harmless, there exist nasty fake accounts that focus on defamation or asking for donations/seeking loans/extorting money as soon they are connected.
Impersonators are highly organised, have a focused plan and approach, produce pre-planned untrustworthy content, perform abuse or generate fake negative engagement.
For instance, a fraud scheme in which telephone scammers impersonate the NCB and other drug enforcement agents to steal identifiable or sensitive information from victims or other healthcare providers. These calls will be made to online users, especially those who have a weekend party culture.
Scammers use fake names and emblem figures, the names of well-known drug enforcement officers or police officers in original departments.
Impersonators frequently seek out social profiles discussing (a) medical issues (b) divorce (c) a new job (d) party savvy (e) gaming (f) wanting to make a purchase (f) lifestyle savvy (g) technology savvy (h) travelling and (i) sporting.
Traits of an impersonator
Urgent tone: Attackers need their victims to act quickly.
Unusual requests: Getting an email to get verified in order to receive money.
Emphasis on confidentiality: Scammers frequently use words such as ‘private’, ‘confidential’ and ‘secret’ so that you don’t disclose conversations with others.
Incorrect email address: Most of the time scammers use email spoofing or look-alike emails to get into your inbox.
Recent impersonation attack
Firstly, fraudsters create fake accounts online using stolen, compromised accounts of higher officials. They also create their digital profile (DP) with the image of an enforcement officer or a senior bureaucrat.
The scammer then sends WhatsApp messages to their targets, impersonating that enforcement officer or bureaucrat.
They target individuals who are weekend-party savvy and all the data is gathered from social media portals.
The scammers’ stories may slightly vary, but in general, they’ll tell you that they’ve seized a parcel packed with illegal drugs. It was couriered in the victims’ name or they set up information relating to a seized courier packed with illegal drugs, and they threaten that the victim was going to be arrested for drug trafficking and money laundering.
If the victims don’t properly respond to their emails and WhatsApp conversations, scammers start threatening them by sending fake notices, pretending to be law enforcement and investigation agencies, to arrest them for not paying the amounts. They demand payment without giving the opportunity to appeal the amount they say the victims owe.
As part of the extortion, the fake officer comes up with the above reason for victims to transfer money to them as payment or to prove the victims are willing to cooperate, and they will direct the victims to transfer the money using UPI.
Don’t fall in the trap
Use unique, complex passwords (use special and alphanumeric characters).
Enable (2FA) two-factor authentication.
Use Lock/Guard features for profiles.
Configure privacy settings for your social media platforms to control information sharing.
Never overshare sensitive and personal information on social platforms.
Avoid clicking on suspicious links, verify the link with https://isitphishing.org/
Only connect with people you know and trust in real life.
Consent should be treated the same way for all offline and online
Disable access to GPS/location on social media platforms
Make the habit of checking complete email headers before you reply, especially when you have a request for a financial transaction.
Reporting impersonation on social media portals
• Instagram: https://help.instagram.com/370054663112398
• YouTube: https://support.google.com/youtube/answer/2801947?hl=en
• Facebook: https://www.facebook.com/help/contact/169486816475808
• LinkedIn: https://www.linkedin.com/help/linkedin/answer/61664/reporting-fake-profiles?lang=en
Reporting impersonation on cybercrime portal
Impersonation is a crime and involves assuming a false identity with the intent to defame/defraud/extort money/pretending to be a representative of a person or organisation. Try and report directly to social platforms as mentioned in this article and if the gravity of the situation is much, you should complain on the national cybercrime portal — https://www.cybercrime.gov.in