+1 (877) 634-6847
Customer Support
Cybersecurity Glossary

What Is an Impersonation Attack?

An impersonation attack is a social engineering tactic where an attacker pretends to be someone the target trusts. The fake identity may be a coworker, executive, vendor, customer, IT employee, recruiter, bank, government office, or familiar brand.

Learn More
Glossary Index Phishing & Social Engineering
Short definition

An impersonation attack uses a false identity to make a request seem legitimate. The attacker may ask for money, credentials, MFA codes, account changes, files, access, or confidential information by making the target believe the request comes from a trusted source.

At a glance: The danger is not only the fake name. It is the trust that comes with the name, role, logo, voice, email address, or business context.

Impersonation Attack Meaning

Impersonation attacks work because people use identity as a shortcut for trust. If a request appears to come from a manager, vendor, customer, or support team, the target may focus on completing the task rather than verifying who is really asking.

The attacker can imitate identity in many ways. They may spoof an email address, copy a logo, use a lookalike domain, create a fake profile, steal an account, mimic a writing style, use caller ID spoofing, or reference real business details found online. Some impersonation attempts are rough. Others are polished enough to blend into normal work.

In business environments, impersonation is often tied to routine workflows. Finance receives invoice questions. HR handles employee records. IT supports accounts. Customer support helps users recover access. Executives ask for urgent updates. Attackers study those workflows and choose identities that make the request feel plausible.

The risk increases when the request creates pressure. A fake executive may ask for secrecy. A fake vendor may warn that service will stop. A fake customer may become frustrated. A fake IT worker may claim there is an active security issue. Those emotional cues push the target toward action before verification.

How Impersonation Attacks Work

An impersonation attack builds enough identity signals to make the target trust the request.

  1. A trusted identity is selected. The attacker chooses a person, brand, team, vendor, customer, or authority the target is likely to recognize.
  2. The identity is copied or suggested. They may use a similar email, display name, domain, logo, profile photo, phone number, or conversational style.
  3. A believable request is made. The request may involve invoices, passwords, access, HR documents, account recovery, files, or urgent approvals.
  4. Pressure narrows the target’s options. Urgency, confidentiality, frustration, authority, or helpfulness can make verification feel inconvenient.
  5. The attacker uses the result. Money, credentials, information, or access gained from one request can support a larger compromise.

Common Impersonation Attack Examples

Impersonation can appear anywhere a trusted identity can influence behavior.

  • Executive impersonation: A message appears to come from a leader asking for a payment, gift card purchase, confidential file, or urgent task.
  • Vendor impersonation: An attacker pretends to represent a supplier and asks finance to update payment details.
  • IT support impersonation: A caller claims to be from the help desk and asks for an MFA code or remote access.
  • Customer impersonation: A fake customer pressures support into revealing account data or bypassing identity checks.
  • Brand impersonation: A fake login page, email, or text uses a familiar company name to collect credentials.

Why Impersonation Attacks Matter

A convincing identity can make a harmful request look like normal work. Employees are trained to respond to leaders, customers, vendors, and support teams, so attackers use those relationships as leverage.

The consequences can include payment fraud, account takeover, customer data exposure, payroll changes, unauthorized access, or malware delivery. The first request may look small, but the trust behind it can open larger doors.

Impersonation also creates confusion during response. If the message looks like it came from a real person or a compromised account, teams must determine whether the identity was spoofed, stolen, or simply abused through lookalike details.

How to Reduce Impersonation Attack Risk

The safest process verifies the identity, the channel, and the request before sensitive action happens.

  • Use trusted callback paths. Verify unusual requests through known numbers, internal directories, vendor portals, or existing contacts.
  • Separate identity from approval. Even a real account can be compromised, so payment changes and access requests still need process checks.
  • Inspect sender details. Look for display name tricks, lookalike domains, changed reply-to addresses, and unusual sending channels.
  • Protect high-risk workflows. Finance, HR, IT, and support should use documented verification for account changes, payments, and sensitive data.
  • Report suspicious identity use. Security teams need reports about fake profiles, spoofed messages, and unusual requests before they spread.

What to Do After a Suspected Impersonation Attempt

A quick report helps determine whether the identity was spoofed, compromised, or copied.

  1. Preserve the message or call details. Keep headers, screenshots, phone numbers, profile links, and the exact requested action.
  2. Verify with the real party. Use a trusted channel to confirm whether the person or vendor actually made the request.
  3. Stop pending actions. Pause payments, account changes, data transfers, or approvals until the request is validated.
  4. Warn targeted teams. If the attacker used a recognizable identity, others in finance, HR, IT, or support may receive similar messages.

Related Impersonation Attack Terms

Impersonation attacks often rely on false stories and business workflow pressure.

Impersonation Attack Takeaway

Impersonation attacks work because trust moves faster than verification. A familiar name, logo, voice, or role can make a request feel safe before it is checked.

The best defense is a repeatable verification habit. Trust the process more than the message, especially when money, access, credentials, or sensitive data are involved.

Navigation
Back to Glossary View Category

Share This Page

Send this glossary page to a teammate, client, or employee who needs a quick explanation.

Email Facebook LinkedIn
FAQ

Questions Teams Ask About Impersonation Attacks

Quick answers about fake identities, spoofed requests, business workflows, and safer verification habits.

What is an impersonation attack?

An impersonation attack is a social engineering attempt where an attacker pretends to be a trusted person, company, vendor, customer, or authority to influence the target.

What do impersonation attacks try to gain or cause?

They may target money, credentials, MFA codes, account access, sensitive files, customer data, payment changes, or approvals.

How do impersonation attacks happen?

They can happen through email, phone, text, chat, social media, fake websites, video calls, or in-person interactions.

How can employees verify an identity?

They should use trusted directories, known phone numbers, approved vendor portals, internal channels, and documented approval workflows instead of relying on the message itself.