According to the Federal Trade Commission, in 2023, impersonation scams reportedly cost victims about $1.1 billion, significantly higher than in previous years.
In 2023, 40 percent of impersonation scams began online, while only 32 percent began with a phone call, a decrease from previous years.
Reports of business and government impersonation scams made up half of the FTC's overall fraud-response workload in 2023. Scammers are increasingly blurring the lines between business and government scams, often impersonating multiple organizations in a single scam.
Top tactics used by scammers include fake account-security alerts, phony subscriptions, sham prizes, fake deliveries, and impersonating law enforcement.
Commentary
The FTC uses the term "impersonation". The scam is simple. A criminal claims they are someone else or are a representative of some entity in an attempt to get you to provide data, personal information, or money.
In the past, many of these scams were accomplished via voice. An unexpected phone call from someone claiming they were the police and were going to jail you or a loved one if you didn't pay a bond, taxes, or some other sort of debt. In many cases, the scam and its implementation were ludicrous, often humorous…but nevertheless some people fell for it.
Now criminals are moving toward sophisticated online scams and, with the use of deepfake technology and online meeting software, are targeting employers. In Hong Kong, a financial employee was tricked into wiring $25 million to online scammers that used deepfake voice and imaging according to reports. https://www.cnn.com/2024/02/04/asia/deepfake-cfo-scam-hong-kong-intl-hnk/index.html
As with most social engineering scams, the purpose is to create a sense of "drama" - like fear (going to jail) or joy (you won a million dollars) to trick you into providing information. Some scams can seem more legitimate than others because the person making the request sounds and looks like people you work with using deepfake technology.
The key thing is to follow your organization's standards on wire transfers, especially, which should include demanding independent verification outside the format of the request; use of codes to determine if the person making the requests are real and multiple sign offs from management. Never stray from the standards set by your organization, no matter the drama presented.
Jack McCalmon, Leslie Zieren, and Emily Brodzinski are attorneys with more than 50 years combined experience assisting employers in lowering their risk, including answering questions, like the one above, through the McCalmon Group's Best Practices Help Line. The Best Practice Help Line is a service of The McCalmon Group, Inc. Your organization may have access to The Best Practice Help Line or a similar service from another provider at no cost to you or at a discount. For questions about The Best Practice Help Line or what similar services are available to you via this Platform, call 888.712.7667.
If you have a question that you would like Jack McCalmon, Leslie Zieren, or Emily Brodzinski to consider for this column, please submit it to ask@mccalmon.com. Please note that The McCalmon Group cannot guarantee that your question will be answered. Answers are based on generally accepted risk management best practices. They are not, and should not be considered, legal advice. If you need an answer immediately or desire legal advice, please call your local legal counsel.