What It Is, Types of Attacks, & How to Prevent It

Not everyone on a marketplace is always who they seem. Some may pretend to be other customers to buy things at legitimate shoppers’ expense. Others may pose as marketplace employees to coerce customers – or even other employees – into giving them money or sensitive information.

Impersonation such as this can cause major trust issues for a marketplace. If staff, vendors, and customers can’t tell if they’re interacting with a genuine person or just someone (even a program) pretending to be someone else, they’ll be much more reluctant to do business.

This piece defines impersonation, explaining what it is (and isn’t) in the context of Trust and Safety. It also discusses how several forms of impersonation work and offers tips for how a marketplace can guard against impersonators.

What is Impersonation?

Impersonation is when a person pretends to be someone they aren’t. This can involve the person changing how they look, dress, talk, or act. It can also entail a person representing themselves with someone else’s identity credentials, or even fabricating a false or synthetic identity.

Impersonation in a marketplace context makes it difficult for both vendors and customers to trust who they’re dealing with. For example, duplicate accounts can cause someone to think they’re interacting with two or more unique users, but those accounts are actually controlled by the same person. Or an impersonator may take over another user’s account to profit at that user’s expense, or act out of character for that user to disadvantage them in some way.

This is why Trust and Safety teams need to be aware of impersonation fraud and how to stop it.

Is Impersonation Illegal?

In cases where it’s used to deliberately mislead people in order to harm or take advantage of them, impersonation is a crime. For example, Title 18, Chapter 43 of the US Criminal Code makes it illegal to do the following with the intent to disadvantage or defraud someone:

  • Falsely claim to be a citizen of the United States
  • Impersonate a US law enforcement officer or government employee
  • Arrest or search a person or property under the guise of a US authority figure
  • Impersonate an individual or entity that the US government owes money to
  • Impersonate a foreign government official to commit fraud within the US
  • Impersonate a member or representative of a 4-H youth organization
  • Impersonate a member or representative of the American Red Cross Association

Similarly, Chapter C-46, Section 403 of Canada’s Criminal Code makes it illegal to impersonate someone – whether they’re alive or dead – to gain property or other advantages, disadvantage the impersonated individual, or obstruct justice.

What is False (or Criminal) Impersonation?

False impersonation is when someone impersonates another person expressly for the purpose of defrauding others. They may do so to gain money, property, or some other advantage. Or they may cause harm to the one being impersonated by stealing from them, wasting their resources, or acting out of character to damage their reputation.

This is also known as criminal impersonation because it’s illegal in many places. It’s also illegal to impersonate someone to avoid consequences for criminal activities, including other acts of impersonation.

Is Impersonation the Same as Identity Theft?

Identity theft and impersonation aren’t quite the same thing, but they are very much related concepts. Identity theft is the act of stealing a specific person’s identifying information and then using it to pretend to be that particular individual. So identity theft can sometimes be a component of impersonation and is treated as the same crime in some places.

Impersonation can also be used for identity theft. This is where the impersonator claims to be a company employee or other authority figure and leverages this false position to coerce someone into revealing their identity information.

4 Types of Impersonation to Be Aware of

The advent of the internet and digital technology has made forms of online impersonation much more widely used in this day and age. However, that’s not to say that marketplaces and their users aren’t still vulnerable to more traditional forms of impersonation.

Here are four categories of impersonation that Trust and Safety teams should know about.

Type 1: Phishing

“Phishing” refers to a broad category of communication activities that involve impersonating an individual or organization to maliciously trick people. Usually, the impersonators try to get victims to reveal sensitive identity or financial information, or to unwittingly download a program that damages a computer or network.

For example, an impersonator may send an e-mail or make a phone call pretending to be a coworker, authority figure, or representative of a well-known company. They may also create a phony website, mobile device app, or social media account meant to look like it’s from a legitimate person or company.

Type 2: Identity theft

Identity theft involves using found – or in many cases, stolen – pieces of someone’s identifying information to impersonate that individual. Common uses of this type of impersonation are to steal the victim’s money or purchase things for the impersonator using the victim’s payment details. It can also be used for purposes such as protecting the impersonator’s true identity while they commit marketplace rule violations or other crimes.

Type 3: Account takeover

An impersonator may also break into someone’s online account and use it as though they were that person. They may do so to steal money or sensitive information; shield their real identity while committing crimes or marketplace rules violations (such as threatening or harassing other users); or act in ways meant to embarrass or defame the account’s actual owner.

Type 4: In-person impersonation

Not all impersonation happens online. Some people will change how they look, dress, speak, or act in real life to appear as though they were someone else. They may even create a fake identity or false financial documents to make the ruse more believable.

How to Prevent Impersonation

Preventing impersonation in a marketplace comes down to two interrelated processes. The first is requiring all involved parties to sufficiently prove they are who they say they are. The second is ensuring all involved parties know how to differentiate a marketplace’s authentic platform and communications from phony ones. Here are three general strategies for stopping impersonators.

Implement robust KYC infrastructure

Impersonation attack prevention begins with detecting and blocking impersonators when they sign up for a marketplace. Identity verification standards such as multi-factor authentication, ID document checks, and even liveness or biometric detection will help to ensure both marketplace staff and customers are who they claim to be. Inconsistencies can be investigated further, and those who fail to sufficiently prove who they are can be kept out of the system.

Secure the marketplace’s identity

Develop secure standards, so both marketplace staff and customers will know when they are dealing with the real marketplace or its legitimate employees. Examples include:

  • Use domain management tools to block the creation of impostor websites
  • Use a marketplace-specific email domain for all official corporate communications
  • Link to the marketplace’s official website and social media accounts in messages
  • Monitor social networks for accounts impersonating the marketplace or its employees
  • Monitor application stores for fake apps claiming to be from the marketplace
  • Encourage staff and customers to create strong account passwords
  • Encourage staff and customers to occasionally change their account passwords

Teach marketplace staff and customers how to deal with impersonators

Both marketplace staff and customers should be taught how to recognize and handle phishing communications from impersonators. These messages often have hallmarks such as:

  • Arriving at a strange time of day, or from an unusual location
  • Containing suspicious attachments or URLs, such as invoices to be paid
  • Requesting (changes to) identification or financial information on short notice
  • Emphasis on urgency and/or confidentiality
  • Unusual sender or reply-to names or addresses
  • Odd purchase requests, such as gift cards in bulk

These procedures should include reminders of what legitimate marketplace employees will never do over certain communications channels. They should also include the provision of communications channels for reporting suspected impersonation activity.
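
The hallmarks listed above can also be checked automatically before a message reaches staff or customers. The following is an added example, not code from the original page or from any product it mentions: it scans a single-part plain-text e-mail that claims to come from the marketplace and returns which hallmarks it shows. The domain `marketplace.example`, the keyword rules, the business-hours window, and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

OFFICIAL_DOMAIN = "marketplace.example"  # assumption: the marketplace's official domain
CONTENT_RULES = {  # illustrative keyword rules, one per content hallmark
    "urgency_or_confidentiality": r"\b(urgent|immediately|right away|confidential)\b",
    "id_or_financial_request": r"\b(bank details|account number|password|card number)\b",
    "odd_purchase_request": r"\bgift\s*cards?\b",
}

def _domain(header):
    """Lower-cased domain of the address in a From/Reply-To header ('' if absent)."""
    return parseaddr(header or "")[1].rpartition("@")[2].lower()
def _official(host):
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)

def phishing_hallmarks(raw, business_hours=(8, 18)):
    """Return the hallmarks found in one single-part plain-text message."""
    msg = message_from_string(raw)
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    hits = []
    if msg["Date"]:
        hour = parsedate_to_datetime(msg["Date"]).hour  # hour in the sender's stated zone
        if not business_hours[0] <= hour < business_hours[1]:
            hits.append("odd_send_time")
    sender, reply_to = _domain(msg["From"]), _domain(msg["Reply-To"])
    if not _official(sender) or (reply_to and reply_to != sender):
        hits.append("unusual_sender_or_reply_to")
    if any(not _official(h.lower()) for h in re.findall(r"https?://([^/\s:]+)", text)):
        hits.append("suspicious_url")
    hits += [name for name, rx in CONTENT_RULES.items() if re.search(rx, text, re.I)]
    return hits

# Constructed sample messages (not real traffic).
PHISH = """\
From: "Marketplace Support" <support@marketplace-example.help>
Reply-To: payouts@mailbox.example
Subject: URGENT: confirm your bank details
Date: Sat, 06 Jan 2024 03:12:00 +0000

Payouts on hold: confirm your bank details immediately at http://marketplace-example.help/verify
and keep this confidential. To release funds sooner, buy 20 gift cards and send the codes.
"""
LEGIT = """\
From: "Marketplace Support" <support@marketplace.example>
Subject: Your monthly statement
Date: Tue, 09 Jan 2024 10:30:00 +0000

Your statement is ready at https://www.marketplace.example/statements
"""
```

Calling `phishing_hallmarks(PHISH)` reports all six hallmarks, while `phishing_hallmarks(LEGIT)` returns an empty list. Keyword rules like these are a triage aid for reviewers, not a verdict on their own.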

Why Impersonation Matters for Trust and Safety

For a marketplace to work, people need to be able to trust that others they deal with are who they say they are. 

People want to ensure their money or products are going to honest users and not scammers. They want to know their sensitive information is being handled responsibly by official marketplace staff, not fraudsters looking to use it to commit crimes. 

And they want to feel confident that if they have a bad experience with another marketplace user, they won’t just run into that person again under a different guise.

Unit21’s onboarding tools allow for weeding out impersonators before they even enter a marketplace. And our Trust and Safety solution allows for the monitoring of users already in the marketplace to detect possible impersonation activity and deal with the perpetrators. 

If you’d like to learn more, you can schedule a demo to see our marketplace fraud products in action.