What Is an Example of Impersonation Phishing?

Impersonation phishing is one of the most common and deceptive forms of cybercrime today. In these scams, criminals pretend to be someone you know or trust—like a business, employer, government agency or even a family member—to trick you into sharing personal or financial information.

While phishing has evolved over the years, the core tactic remains the same: exploiting trust to steal information or money. Understanding how impersonation phishing works and recognizing the warning signs can help you protect yourself and your loved ones from identity theft and fraud.

What Is Impersonation Phishing?

Impersonation phishing occurs when a scammer poses as a trusted person or organization to manipulate you into taking an action, such as clicking a malicious link, sending money or sharing sensitive information. These scams may happen through email, text, phone calls, social media or messaging apps.

Unlike generic phishing emails that target large groups of people at once, impersonation scams are often personalized. Scammers use public data, social media information and details from data breaches to make their messages look legitimate.

For example, you might receive an email that appears to come from your boss, a text message that looks like it’s from your bank or a message from a friend on social media asking for help. The tone, language and branding may seem convincing—but it’s all part of a scam.

Common Examples of Impersonation Phishing

Impersonation phishing can take many forms, but most fall into a few common categories. Understanding these examples can help you spot and avoid potential scams.

Businesses

Scammers frequently impersonate well-known companies such as antivirus software providers, Microsoft, Apple or Google. These impersonation attacks often appear as:

• Fake invoices or renewal notices claiming you owe money for a service or subscription.
• Emails or pop-ups saying your computer has a virus and urging you to call a “tech support” number.
• Requests for remote access to your computer so they can “fix” a problem.

Once scammers gain access, they can install malware, steal login credentials or copy stored documents containing sensitive information.

Example: You receive an email that looks like it’s from Microsoft Security Support saying your computer has been infected with a virus. The message urges you to call a phone number to fix the issue. Once connected, the scammer asks for remote access to your device or payment details to “renew your security license.”

Legitimate companies will never ask for payment or remote access in this way.

Employers

Employment-related impersonation scams are on the rise and can take two primary forms:

• Fake job offers (job scams): Scammers pose as legitimate businesses that are hiring. They may send you an offer letter, request personal information such as your Social Security number (SSN) for a “background check,” or ask for your banking details to “set up direct deposit.” These scams are designed to steal identity credentials or financial data.
• Internal company impersonation: Criminals also target people who already have jobs. They may impersonate an executive or HR representative, asking you to update your payroll details or send gift cards for “employee rewards.”

Example: An employee receives an email from what appears to be their CEO, asking to update their direct deposit information “before payroll runs today.” The email looks real, but the new account belongs to the scammer.

Financial Institutions

Scammers often pretend to be banks or credit unions, claiming that your account has been compromised or linked to illegal activity. The message may urge you to verify your information, log in to a fake website or transfer funds “to a secure account.”

Once you provide your login credentials or send money, the scammer can drain your account or use the information to open new accounts in your name.

Example: You receive a text message from what appears to be your bank saying, “Suspicious activity detected on your account. Please confirm immediately.” The link in the message leads to a website that looks identical to your bank’s login page. Entering your credentials gives the scammer access to your real account.

Friends or Family Members

Personal relationships are powerful tools for manipulation, and scammers exploit them by impersonating friends or family members, often through social media or text messages.

They may claim to need:

• Emergency financial help (such as being stranded or in legal trouble).
• A vote or endorsement in an online contest.
• Investment help for a cryptocurrency or “grant” opportunity.

Because these scams use emotional triggers—urgency, empathy or fear—they can be difficult to detect, especially when messages come from hacked or cloned accounts.

Example: You get a message from a close friend on Instagram saying they’re stuck overseas and need money to get home. The account photo and name look familiar, but it’s a scammer who’s taken over their profile or created a fake one using their photos.

Government or Law Enforcement Agencies

Scammers also impersonate government officials or law enforcement to intimidate victims. They claim that your identity has been connected to criminal activity, such as money laundering or drug trafficking, and insist you must send money or provide identification to clear your name.

These scams can be extremely convincing. The caller may know part of your SSN, reference legitimate agency names (like the IRS or FBI) or spoof official phone numbers.

Example: You receive a call claiming to be from a “federal agent” who says your bank account has been linked to an investigation. They instruct you to transfer your money to a “safe government account” until the case is resolved. Once you send the funds, they disappear.

No legitimate government agency will ever demand payment or threaten arrest over the phone.

Can Scammers Pretend To Be You?

Yes. In some cases, criminals don’t just impersonate others—they impersonate you.

Using personal information stolen in data breaches, scammers can open new bank accounts, apply for government benefits, or even use your name and photos to contact your friends and family online. They may pretend to be you on social media, asking your contacts for money or promoting fraudulent investment opportunities.

If someone tells you they received a strange message from you—or you notice accounts created in your name—it could be a sign your identity has been compromised.

How To Protect Yourself from Impersonation Phishing

While impersonation phishing can be sophisticated, there are practical steps you can take to lower your risk:

1. Verify requests independently. If you receive a suspicious message, call or email the organization directly using a verified contact method.
2. Be cautious with links and attachments. Don’t click on unexpected links or download files from unknown sources.
3. Use multi-factor authentication (MFA). MFA makes it harder for scammers to access your accounts even if they steal your password.
4. Review your social media privacy settings. Limit what personal information is visible publicly.
5. Stay alert for emotional manipulation. Messages that create urgency, fear or secrecy are common phishing tactics.
6. Keep software updated. Updates often include patches for security vulnerabilities.
7. Report impersonation scams. Notify the platform, company or agency being impersonated.

What To Do If You Fall Victim to Impersonation Phishing

If you believe you’ve shared personal or financial information with a scammer, take action immediately:

• Contact your financial institutions to freeze your accounts.
• Change passwords and enable MFA across your accounts.
• Report fraudulent profiles on social media.
• File a report with the Federal Trade Commission (FTC) at identitytheft.gov.
• Reach out to the Identity Theft Resource Center (ITRC) for free, personalized assistance.

Final Thoughts

Impersonation phishing preys on trust. Whether scammers pretend to be a company, an employer, a bank, a government agency or even someone close to you, their goal is always the same: to get you to act quickly without verifying the request.

By slowing down, confirming messages directly with the source and knowing the red flags, you can protect yourself and others from becoming victims.

If you suspect you’ve been targeted or your personal information has been used in an impersonation scam, the ITRC can help. Our trained advisors provide free, confidential guidance to help you recover and safeguard your identity.

Call 888.400.5530 to speak with an expert today.