Six Examples of Impersonation Attacks and How to Shield Your Business


Impersonation attacks are smarter and more deceptive than ever, with “digital disguises” targeting everyone from big brand enthusiasts to high-level executives.

Whether it’s a bogus customer service interaction that looks startlingly real or an email pretending to be your CEO, understanding these schemes is key to protecting yourself and your organization.

Here are six impersonation attack examples to help keep you on guard.

1. Brand Impersonation

Brand impersonation is one of the most prevalent threats in the digital landscape as fraudsters are becoming increasingly skilled at creating fake websites, social media accounts, and email addresses that closely resemble a brand’s official channels.

These actions can deceive customers into sharing sensitive information or making purchases from fraudulent sources—which of course can be devastating, resulting in financial loss, reputational damage, and loss of customer trust.

And seemingly no organization is safe.

Bolster’s threat research team uncovered a widespread brand impersonation scam campaign targeting 100+ popular clothing, footwear, and apparel brands. Among the notable brands affected by this campaign were Nike, Puma, Adidas, Casio, Crocs, Sketchers, Caterpillar, New Balance, Fila, Vans, and numerous others.

This campaign came live around June 2022 and had peak phishing activity between November 2022 and February 2023.  To carry out their scam activities, threat actors registered thousands of domains (typosquatting) with the intention of targeting unsuspecting customers of these brands for their own financial gain.  

2. Executive Spoofing

Executive spoofing is a type of email spoofing cyberattack where cybercriminals impersonate executives within an organization to trick employees into revealing sensitive information or carrying out fraudulent transactions. This attack relies on social engineering tactics and often targets lower-level employees who may not question the legitimacy of an email from their supposed superior.

To make it happen, attackers may use a feature called “display name spoofing” which allows them to alter the sender’s name in an email without changing the actual address. This can make it difficult for recipients to detect that they are being targeted by a phishing attempt.

Given just how much we relay on email, it is important for organizations to educate their employees about this type of attack and implement security measures such as two-factor authentication and anti-phishing software to mitigate the risk of executive spoofing.

In general, and in addition to executive spoofing, there five distinct types of executive impersonation attacks that organizations need to protect against:

1. Business email compromise: In BEC attacks, scammers use phishing techniques with fraudulent email addresses to fool unsuspecting employees into transferring funds, sharing sensitive data, or executing malicious orders. The email addresses either closely resemble legitimate work emails and often carry the same branding or are actual email addresses of compromised executives.

2. Whaling: Whaling is a type of phishing attack that explicitly targets only high-value individuals. Attackers lay out an intricate social engineering plan to misuse the alleged trust between executives and their employees.

3. CEO fraud: With CEO fraud, scammers impersonate the CEO or another member at the top of the hierarchy to convince subordinates to execute urgent orders such as immediate transfers of funds.

4. Supply chain compromise: In this type of executive impersonation attack, the threat actors impersonate a trusted vendor of the organization instead of a high-ranking executive.

5. Account takeover: Attackers use advanced TTPs to compromise the accounts of fellow employees or executives. These accounts are then used to attack other employees vertically or senior executives horizontally to further access sensitive information.

3. Customer Support Impersonation

Many companies use social media as an outlet to manage their relations with customers, troubleshoot user problems, and answer their queries. Twitter is one of the key platforms where users can tag the brand’s handle with the troubles they’re facing or feedback about the services. The brand’s Twitter handle tries to troubleshoot the problem or refers the user to a support page or link where the user can raise requests.

Why does it work? Twitter is a public platform, and all the Tweets are visible to everyone by default, which allows scammers to view complaint tweets in which a brand, any related Twitter handle, or specific keywords are mentioned.

Then, scammers either reply to tweets from fake brand profiles, or they DM the user posing as the brand’s customer support. The end goal of scammers is to deceive the user into giving up confidential information and use that information to hijack accounts or cause financial damage.

4. Email Phishing

Phishing is a cyber-attack where attackers use fake communication to acquire sensitive information. These communications can take the form of emails, text messages or websites that look legitimate but are designed to trick users into giving up their personal information like credit card numbers and bank account numbers.

With email phishing, specifically, attackers send fraudulent emails that appear to be from a legitimate source, such as your bank or an online retailer. These messages often contain links to fake websites that ask you for your login credentials.

5. Caller ID Spoofing

Caller ID spoofing is a technique used to manipulate the calling line identification information displayed on a recipient’s phone. Anti-spoofing measures, suchas STIR/SHAKEN (Secure Telephone Identity Revisited/Signature-based Handling of Asserted Information using Tokens), can be implemented to authenticate and verify the calling party’s identity.

Implementing anti-spoofing measures is key in protecting systems and data from malicious spoofing attacks. As is the theme of this blog post, by preventing cybercriminals from impersonating trusted entities, organizations can maintain the confidentiality and integrity of their information, as well as ensure the availability of their systems.

Man-in-the-Middle Attacks

One last challenge is the “Man-in-the-middle” attack on unsecured networks where attackers monitor traffic between two parties and manipulate it for their benefit. This type of attack poses a significant threat as it allows an attacker to intercept data transmitted over the network without being detected by either party.

To mitigate such challenges with traditional DNS, IT security professionals need robust solutions that provide high levels of availability while ensuring blacklist protection against unauthorized modifications.

Making Sense and Taking Action Against Impersonation Attacks

In the shadowy corners of the digital world, impersonation attacks are not just a threat to our systems but a direct assault on our trust—trust in the brands we love, the colleagues we work with, and the communications that connect us. From the deceptive depths of brand impersonation that shakes consumer confidence to the sinister precision of executive spoofing that undermines internal trust, these cyber threats are more than mere disruptions; they strike at the heart of our personal and professional lives.

At Bolster, we monitor for misuses of your brand, your executive’s digital assets, and more—all in the name of stopping impersonation attacks before they even have a chance of getting going. That only happens by alerting you when potential threats are detected in order initiate takedowns automatically.  

To learn more how Bolster can help you business defend against executive impersonation attacks, request a demo with our team today.