Impersonation


Impersonation is a social engineering attack where an attacker pretends to be someone they are not.

  • two approaches:
    • persuasion/consensus/liking
      • convince the target that the request is a natural one that would be impolite or somehow odd to refuse
    • coercion/threat/urgency
      • intimidate the target with a bogus appeal to authority or penalty
  • often leverages Pretexting

Brand Impersonation

Brand impersonation means the threat actor commits resources to accurately duplicating a company’s logos and formatting (fonts, colors, and heading/body paragraph styles) so that a phishing message or pharming website is a visually compelling fake.

  • Disinformation/misinformation tactics could be used to create fake social media posts or referrers (sites that link to the fake site) to boost the fake site's search ranking