In an era when digital connectivity is integral to daily life and the economy, the threat of impersonation scams has grown exponentially. These scams, in which imposters mimic trusted entities to deceive individuals, have led to staggering financial and personal losses. The Federal Trade Commission reported over $1.1 billion in U.S. consumer losses due to such scams in 2023 alone.
Impersonation scams are not just simple tricks but a sophisticated form of social engineering where cybercriminals use techniques such as phishing and smishing to direct individuals to fake websites that look and feel like legitimate ones. These attacks can lead to account takeovers, identity theft, and significant financial loss. Cybersecurity and online protection review site DataProt found that a new phishing site was created every 11 seconds in 2023, underscoring the scale of the problem and the need for increased vigilance in detecting these sites. A massive online campaign targeting popular apparel brands such as Nike, Crocs, and Adidas was uncovered by Bolster last year. This campaign employed typosquatting, which relies on consumers mistyping a popular company’s web address to direct them to a malicious site.
The proliferation of AI technologies has further exacerbated this issue, making it easier and faster for fraudsters to create convincing digital fakes. Companies and consumers often fail to detect these fraudulent sites quickly, leaving them vulnerable for weeks or months. In addition to consumer impact, damages to businesses can be severe, including financial losses, increased expenses, and reputational damage.
Companies’ current approach is to scan the internet for illegitimate domains and file a request to remove illegitimate copycats. Yet “scanning the internet for new domains takes time, and is done at intervals, between which a new fake site can go live, be used for an attack, and be taken down by the cybercriminal,” said Israel Mazin, co-founder, CEO, and chairman of Israeli cybersecurity firm Memcyco.
Governments and regulatory bodies are beginning to take stronger actions against impersonation scams. In the United Kingdom, new regulations set to take effect in October 2024 will require banks to reimburse defrauded customers. While there is no parallel national regulation in the U.S., in April the FTC expanded its Impersonation Rule banning impersonation of individuals in addition to government and business, paving the way for federal prosecution. The Senate Homeland Security and Government Affairs Committee held hearings in May examining fraud on the popular bank transfer network app Zelle. At the state level, the New York Attorney General sued Citibank for failing to reimburse fraud victims. Companies have also taken action, such as Amazon’s lawsuits against Prime Video scammers. These actions underscore the need for stricter regulations to combat impersonation scams.
Consumer education campaigns are critical in the fight against impersonation scams. The FTC’s National Consumer Protection Week has been held annually since 1999 to educate the public on recognizing and avoiding fraud. Personalized education efforts by companies such as Meta, FedEx, and Apple all offer personalized education efforts, and retail chains such as CVS and Walgreens educate consumers on how to spot and avoid gift card scams. Cybersecurity and Infrastructure Security Agency Director Jen Easterly has been vocal about encouraging consumers to enable multi-factor authentication, emphasizing that MFA makes you 99 percent less likely to get hacked.
Private companies are increasingly taking proactive measures to protect their customers. New safety measures announced by Zelle require banks and credit unions that use the network to implement its risk insights service and is partnered with the Better Business Institute and National Council on Aging to educate consumers. Many consumer sites, from shopping to travel, are following the banking industry in enhancing user security through MFA and biometric systems.
Innovative technology solutions are emerging to combat impersonation scams. Israeli cybersecurity firm Memcyco has developed a real-time detection and alert system. Its 2024 State of Impersonation Fraud Resilience Report found that while 72 percent of companies have a monitoring system, only 6 percent are adequately protected. Memcyco’s solution addresses this gap by providing immediate alerts to the impersonated company and to the affected website visitor when they visit a spoofed website, significantly reducing fraudsters’ time to exploit their targets.
Despite these efforts, much work remains to be done, as proactive detection systems, better customer education, and stricter regulations are essential to mitigating the risk of impersonation scams. The Memcyco report findings highlight that while awareness is high, the effectiveness of current solutions is lacking, pointing to a critical area for improvement. As digital impersonation scams evolve, so must our strategies to combat them, requiring a coordinated effort from regulatory bodies, private industry, and technology innovators to protect consumers and businesses from these pervasive threats.
Follow me on LinkedIn or check out my other columns here.