Impersonation

0 Comments 6:00 pm

Part 1 – 2: Terms and Definitions for Impersonation

TermDefinition
PretextPretending to be a legit person who is lying to get info from you
Eliciting InformationGetting information from the victim
VishingPhishing attack over the phone
Identity FraudUse of someone else’s identity without their permission

An easy way to obtain information is by pretending to be someone else that the victim may know. Pretexting is a way for an attacker to pretend to be a legitimate person, such as a banker, FBI, or IRS agent, and trick the victim into giving the attacker sensitive information. The attacker usually converses with the victim in a cut a dry conversation, but describes a story about something that did or could have happened to the victim and then proceed with either repercussions if the victim does not do something or provide some sort of information to the attacker. Sometimes the attacker may even request a ransom to further scare the victim into providing money or gift cards to the attacker.

When impersonating someone, an attacker tends to get a general idea of how the conversation is going. The attacker can implement certain questions or thoughts to have the victim say something the attacker wants to hear, this is a form of Eliciting Information.

Most of these attacks occur over the phone, called Vishing. This makes it easier for the attackers to plan the attack beforehand by using a script to better handle the attack and prevent errors or making the attack useless.

Identity Fraud is one of the top issues around the world, when attackers steal the identity of someone else in order to gain access to the victims bank account, another business, or apply for credit cards. There are many other types of fraud such as credit card fraud, bank fraud, loan fraud, or SSN fraud.

As always, never provide passwords, usernames, social security numbers, bank account numbers, and other high sensitive information to someone you do not know or is looking to obtain them from you. A general rule of thumb, a bank or government official will never call you out of the blue and ask for such information. If a call sounds robotic or even like an alexa or google assistant voice, hang up. Attackers are now using computer generated voices these days to make attacks easier for them. A computer generated voice may also sound more enticing than a normal human voice to someone. One easy trick when you are not sure about the phone number that is calling you, do a google search of the phone number. Nine times our of Ten, you will be able to cross-reference the phone number with a business or even a name of an individual. If the number from Google does not populate any information you are aware of, usually it is best to let the caller go to voicemail.