The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) recently published statistics from the Federal Trade Commission (FTC) showing massive losses associated with impersonation scams.
The NJCCIC’s mission is to be New Jersey’s one-stop shop for cybersecurity information sharing, threat intelligence, and incident reporting. It is a component organization within the New Jersey Office of Homeland Security and Preparedness.
The FTC statistics show that over $1.1 billion in losses from impersonation scams were reported in 2023. These scams included 330,000 incidents that were business impersonation scams, along with nearly 160,000 that were government impersonation scams. There was also an increase in multi-stage impersonation scams — where threat actors pose as more than one organization in a single scam. As an example, threat actors may initially impersonate an employee of a trusted organization – followed by a transfer to someone claiming to be from a bank or government agency.
In April 2024, the FTC announced a new rule regarding the impersonation of government agencies and businesses This rule gives the agency more robust tools to fight and deter potential impersonation scammers. The new rule empowers the FTC to file federal court cases seeking money back for victimized consumers and pursue civil penalties against scammers.
What are the top methods of impersonation?
Phone calls, emails, and text messages: The top initial stage of impersonation scams is through phone calls. Next are emails and text messages, which are both on the rise.
Copycat Account Security Alerts: Threat actors claim to be from a trusted organization – initiating fraudulent messages citing suspicious account activity or unauthorized charges. Next, they persuade their target to transfer funds or move money to another account – such as a Bitcoin ATM – making a claim that it will help protect their funds.
Fake Subscription Renewals: Bad actors send a notice claiming that a subscription will auto-renew for a charge of a few hundred dollars. They sometimes try to convince their target to provide access to their computer, giving the appearance that they accidentally refunded too much money to the target. They then demand a return of a refund, using gift cards or other payment methods.
Bogus Giveaways, Discounts, or Money to Claim: Cybercriminals send a message about a giveaway, discount, or unclaimed money. Again, these messages appear to be sent from legitimate, well-known organizations. These scams involve a requirement to purchase gift cards or transfer funds to receive the gift or discount.
Phony Problems with the Law: Targets are contacted through the impersonation of government agents. The threat actor doing the impersonation claims their identity has been used to commit a serious crime. They offer to fix the problem by having targets purchase gift cards or transfer funds during a supposed investigation.
Package Delivery Problems: Messages are sent to targets with a claim to be from carrier services (such as UPS, Federal Express, etc.) stating they are having problems making a delivery. The messages include a link to a spoofed website, impersonating the carrier’s website. The website will prompt for a credit card or bank account information for a small redelivery fee.
Recommendations to Mitigate Impersonation Threats and Theft
The NJCCIC provided recommendations to help mitigate the risks of impersonation threats and theft:
- User and organization education on these continuing threats and tactics to reduce victimization.
- Refrain from responding to unsolicited communications, clicking links, or opening attachments from unknown senders.
- Exercise caution with communications from known senders.
- Avoid calling numbers displayed in unverified emails or sharing personal information with unsolicited communications.
- Refrain from complying with requests to purchase gift cards and sending the numbers to someone without first verifying the request via a separate means of communication.
- The US government and other legitimate businesses will not advise the purchase of gift cards, Bitcoin, or request money transfers. These are unusual requests or demands, typically portraying a sense of urgency, and should be handled with increased suspicion.
- If victimized, users are encouraged to report scams to the FTC, FBI’s IC3, and the NJCCIC.
For more technology trends and topics, follow our LinkedIn page! 🖥️
➡️ Check Out Our Business Testimonials!
How is your state of IT? Call Us: (201) 493-1414 with any questions.
