IMPERSONATION FRAUD: HOW TO SPOT AND STOP COMMON SCAMS
Written By
Banc of California
Impersonation fraud is accelerating at an alarming rate. In 2023 alone, consumers reported more than $1.1 billion in losses from schemes involving fraudsters posing as trusted entities such as banks, government agencies and well-known businesses.
While financial scams are nothing new, the methods have become far more advanced. Fraudsters are no longer just phishing for passwords — they’re impersonating the people and institutions you trust most. From fake texts that appear to come from your bank to emails imitating company executives, impersonation phishing exploits familiarity and urgency to pressure victims into costly mistakes.
Protecting yourself starts with recognizing how these scams work, the red flags that signal something’s off and the steps you can take to safeguard your accounts.
What Is Impersonation Fraud?
Impersonation fraud occurs when a criminal poses as a trusted individual or organization to deceive a person into doing something they wouldn’t normally do, such as transferring funds, sharing sensitive information or granting access to accounts or systems.
Unlike identity theft, which involves using stolen credentials to act as the victim, impersonation scams manipulate individuals into acting on their own. This type of fraud is especially dangerous because it preys on trust and can disarm even the most cautious individuals and well-established controls.
Victims may receive a call from someone claiming to be a representative from their bank, a government agency or a familiar vendor. The communication may seem legitimate, complete with spoofed phone numbers, cloned websites and credible-sounding email addresses. In many cases, the fraudster has done their homework, using personal details, public records or information from past breaches to make their request appear authentic.
Criminals use a range of tactics, including:
- Phone calls and texts: Impersonators may spoof caller IDs to appear as though they’re calling from your bank or a government agency, pressuring you to take immediate action.
- Emails and fake websites: Messages often include logos, email signatures and language that mimic those of legitimate businesses. Victims are redirected to fraudulent sites built to capture login details or payment information.
- Social engineering: Scammers exploit human psychology through fear, urgency, authority or a sense of obligation to manipulate victims into bypassing normal safeguards.
- Deepfakes and voice cloning: Emerging technology allows fraudsters to replicate the voice or image of a company executive or public official, adding another layer of credibility to their deception.
Though the methods vary, the goal is always the same: to convince you to act before you have time to think. However, once you know what to look for, impersonation crime becomes easier to spot — and easier to stop.
Common Types of Impersonation Fraud
Impersonation scams take many forms, but most follow a familiar pattern: a convincing message, an urgent request and a trusted identity that turns out to be fake. Here are some of the most common tactics fraudsters use to gain access and exploit trust.
Bank Impersonation
Scammers pose as representatives from your financial institution, claiming there’s suspicious activity on your account. The message may instruct you to confirm a transaction, “secure” your funds or authorize a payment. In some cases, victims are persuaded to transfer money to a so-called “safe account,” which is actually controlled by the criminal.
Vendor or Supplier Fraud
In this type of impostor scam, a criminal pretends to be one of your regular vendors or service providers. They send an email that looks legitimate — often using a nearly identical address to the real contact — and claim their payment details have changed. The message may include a new account number and ask you to send future payments there. These scams are especially effective when they mimic real invoices or follow up on ongoing work.
CEO or Executive Impersonation
These business impersonation scams occur when fraudsters spoof the email address of a senior executive, often the CEO or CFO, and send urgent requests for wire transfers, gift card purchases or confidential data. The message may reach someone in finance or HR and often includes pressure to act quickly and discreetly. The goal is to bypass normal approvals by invoking authority and urgency.
Government Agency Scams
Criminals may pretend to be from agencies such as the IRS, Social Security Administration or the Small Business Administration. These impersonators often demand immediate payment for taxes, fees or penalties, threatening legal action if their instructions aren’t followed. Some scams even use robocalls or official-sounding titles to sound more credible.
Tech Support Scams
In this variation, fraudsters claim to be from a well-known tech company, such as Apple or Microsoft1, and warn you of a security issue on your device. They may ask for remote access or instruct you to install software that turns out to be malware. Once inside your system, scammers can steal credentials, install spyware or trick you into paying for unnecessary services.
Watch Out for These Red Flags
Impersonation scams often follow recognizable patterns. Being aware of the warning signs can help you spot a fraudulent request before any damage is done. Here are some common red flags:
- Urgent payment requests or secrecy: Be wary of messages demanding immediate wire transfers or financial actions or requests to keep your actions confidential.
- Unfamiliar contacts: If someone you don’t normally deal with reaches out, especially about money, verify their identity.
- Look-alike email addresses: Watch for subtle differences like @yourbank.co instead of @yourbank.com.
- Strange wording or grammar: Keep an eye out for awkward phrasing or typos, which can indicate something isn’t right.
- Threats for not complying: Always second-guess messages that warn of consequences if you don’t act.
- Unexpected changes to payment info: Always use a second contact method to confirm account or wire instruction changes.
How to Protect Yourself and Your Business
A few simple habits can go a long way in preventing impersonation fraud. First, always avoid clicking on suspicious links or responding to urgent requests without verifying the source. Use strong passwords, enable multifactor authentication and regularly review your financial accounts and credit reports to quickly spot any suspicious activity.
Businesses should implement strong internal controls, such as requiring dual approval for wire transfers, and train employees to spot phishing or spoofed messages. Make it a company-wide policy to always confirm changes to payment instructions through a known contact. For an extra layer of protection, consider working with your bank to enable fraud alerts and transaction controls.
Stay One Step Ahead of Impersonation Fraud
Impersonation scams continue to evolve, becoming more sophisticated and harder to detect. To avoid becoming a target, stay informed, be cautious and question any suspicious requests. Keep in mind that fraudsters rely on quick reactions, so if something feels off, take a moment to verify before taking action.
Using available tools like fraud detection alerts and account controls can strengthen your defenses. If you suspect phishing or impersonation fraud, report it right away. Doing so not only protects you but can also help prevent others from being targeted.
Banc of California offers a range of resources to help keep your information and accounts secure, including alerts, educational webinars and customizable security controls. Explore more cybersecurity and fraud prevention articles on our Business Insights page.
As a reminder, Banc of California will never contact you via text, email or phone to request your password or other sensitive information.
1 Banc of California is not affiliated with these third-party companies.
CONNECT WITH A RELATIONSHIP MANAGER
COMPLETE THIS FORM OR CALL
877-770-BANC (2262)