Defining Impersonation

Hello, and welcome to section 1.9 of the attacks course, Impersonation. I’m Lisa Gilbert, and I will be sharing a lot of helpful information so you can understand this type of attack and defend against it. In our discussion of impersonation, I’ll define impersonation and why it is important to understand and prevent it. Next, I will discuss what attackers are trying to accomplish. Then I will explain exactly who is at risk and explore the red flags and warning signs that an impersonation attack is taking place. We will also explore some of the tactics used by attackers and share a couple examples of successful impersonation attacks. Lastly, I will describe how you can protect yourself and your organization from impersonation attacks.

Before we can discuss impersonation, we need to define what it is. Impersonation is another type of social engineering attack used to gain access to a system or network in order to commit fraud, industrial espionage, or identity theft. To do this, the social engineer impersonates or plays the role of someone you are likely to trust or obey convincingly enough to fool you into allowing access to your restricted space, to information, or to your network. What are the objectives of impersonation? First and foremost, the social engineer wants to gain your trust so you’re more willing to comply with their requests. Ultimately, they’re trying to gain access to a physically restricted space, to confidential information, or to your network.

Their goals may be fraud, industrial espionage, or identity theft. Who is at risk for an impersonation attack? Anyone who could be tricked by a sophisticated social engineer. Remember these people are essentially professional actors, and they can be extremely convincing.