Blog / Identity Theft

Impersonation scams in 2026: How to recognize and avoid them

Impersonation scams involve criminals posing as trusted entities like banks, government agencies, or even family members to steal money and personal information. These scams have become increasingly sophisticated, with criminals now using AI technology like voice cloning to make their deceptions more convincing. Knowing how to recognize and avoid impersonation attempts is essential for protecting your finances and personal data. This guide will help you identify common impersonation tactics and defend against these threats.

Author image

Ugnė Zieniūtė

January 2, 2026

9 min read

The broadest identity theft protection available

Get notified and act immediately

What are impersonation scams?

Impersonation scams (also known as imposter scams) are a form of phishing scams where a scammer pretends to be an entity that the target may trust, like a reputable company, government agency, a friend, or family member. They then trick the target into sending money, revealing personal information, or giving access to accounts. In this type of attack, the scammer uses a sense of urgency and fake email addresses or phone numbers to exploit a person’s trust and get them to act immediately. 

How do impersonation scams work?

Scammers know that many people are already on guard against attacks, but an imposter scam allows them to pretend to be someone their potential victims trust. Threat actors work to make their calls, emails, and text messages seem legitimate by imitating the exact look and format of official communications. They also use spoofing to fake IDs like phone numbers and email addresses. In their messages, they may include malicious links they encourage you to click, ask you to provide sensitive information directly, or request immediate payments. With your guard down, a scammer can pressure you into taking action right away.

Common types of impersonation scams

To learn to spot imposter scams, it’s important to become familiar with the most common types of attacks. Some are online impersonation scams, while others are phone scams carried out via vishing or with text messages. Arm yourself against potential financial losses and identity theft by reading more below about the common types of impersonation scams.

Government impersonation scams

In this type of imposter scam, a fraudster may pose as a representative of the IRS, Social Security Administration, or the FBI. They may also claim that they are from police departments or courts or that they possess some other form of governmental authority. Some tactics in these scams include threatening to arrest you unless you pay a fine for unpaid taxes, missed jury duty, or compromised Social Security numbers. If the government wants to contact you, it will almost always be by mail. Any other method of communication may be a scam.

Tech support impersonation scams

This impersonation scam involves a scammer posing as a representative from Microsoft, Apple, or an antivirus company. They will claim that your computer is infected or compromised to remotely access your device and steal your information.

Financial institution impersonation scams

In attacks like bank impersonation scams or Zelle scams, scammers pretend to be from banks, credit card companies, or payment platforms, alleging fraudulent activity on your accounts. You might be told you owe money or asked to share personal information if you want to access your account.

Business impersonation scams

Criminals may pose as representatives from businesses like Amazon, delivery services (USPS, FedEx), utilities, or subscription services to steal money and personal information. For example, if you receive an email claiming you owe hundreds of dollars for subscription renewal, note the urgent tone and report it.

Family emergency scams

These imposter scams use your love and concern for your family against you. Scammers pretend to be relatives, saying they are in trouble and need financial help. “Grandparent scams” target the elderly with criminals claiming to be grandchildren or other younger relatives in peril. 

Celebrity and social media impersonation scams

Some scammers use fake celebrity profiles so they can trick fans into sending money in the form of “investments” or contributions to “charities.” They may also use social media to impersonate friends or family members.

AI-powered impersonation scams

In these AI scams, fraudsters use AI-generated voice cloning and deepfakes to impersonate loved ones or authority figures. As with other imposter scams, they apply pressure to make the victim act fast without thinking.

How to recognize impersonation scams

Recognizing the warning signs of an impersonation scam is key to protection. Now that you know the imposter scam definition, how these attacks work, and some of the most common types, watch out for these red flags:

  • Suspicious email addresses. Whenever you receive an unexpected email from a trusted company or government agency, make sure that the domain of the email address is the same as the one on the website’s contact page.
  • Unusual caller ID. Just like with email addresses, if you get a call claiming to be from a reputable company, check to see if the number matches the one on the company’s website. This isn’t a foolproof tactic since scammers are able to fake phone numbers, but it is still worth trying.
  • Shady links. If you receive an email out of the blue that prompts you to click a link and fill out personal information, that’s definitely a red flag. Before clicking the link, go to the company’s official website and check if it matches the link in the email.
  • Odd forms of payment. It’s already bad if someone demands money from you over the phone, text message, or email. But it’s especially so if they ask for payment by wire transfer, gift card, or cryptocurrency, since no trusted entity would ever do that. 
  • Extreme urgency. An imposter scam will often give you a ticking clock, like a limited-time sale or a fraudulent transaction that will go through in 24 hours unless you act. You need to remember to slow down and not allow the scammer to scare you into doing something you’ll regret. Reputable companies and your friends would never try to make you feel cornered like this.

Examples of impersonation scams

The following real-world scenarios show how imposter scams play out:

  • Fraudster Evaldas Rimasauskas set up a fake company with the same name as an actual hardware supplier and sent invoices to Facebook and Google employees. Between 2013 and 2015, the scammer stole over $100 million from the two tech giants.
  • In 2019, the CEO of a UK-based energy firm received a phone call from his boss, the chief executive of the firm's German parent company, instructing him to immediately transfer 220,000 euros (roughly $243,000 at the time) to a Hungarian supplier’s bank account. Little did he know that he was actually speaking to a scammer who was using AI technology to impersonate his boss’s voice.
  • In 2025, a 53-year-old French woman was convinced by fraudsters that she was in a relationship with actor Brad Pitt. They used AI images and fake messages to impersonate the actor. The scammers pretended that Pitt needed money to pay for kidney treatment and extracted 830,000 euros ($850,000) from her.

Who do impersonation scammers target?

One of the most unsettling things about impersonation scammers is that they target everyone, from the largest, seemingly most impenetrable companies to individuals like you. If you have access to money, bank accounts, or personal data, you could be a potential victim. So you can’t rest easy with the notion that you’re not important enough for a scammer to go after. The best you can do is learn as much as you can about how to spot these scams and avoid them.

What to do if you’ve been targeted by an impersonation scam

If you suspect that you are the target of an impersonation scam, you must act fast. This realization can occur at various points in the process. We’ll discuss three different scenarios and the best way to handle each one.

If you shared information but didn’t lose money

You need to cut contact with the scammer right away. Change the passwords of all affected accounts, like your email, bank, and social media. Make sure to use strong, unique passwords with capital letters, numbers, and symbols. Report potential fraud to your bank or credit card company, even if you didn’t lose any money. Run an antivirus scan on your computer and phone for malware as well.

If you sent money

Contact your bank or credit card company immediately to report fraud, request a stop payment, and monitor for suspicious activity. If you paid the scammer with gift cards, wire transfers, or cryptocurrency, get in touch with those companies and platforms to see if they can cancel the transactions. You must replace all passwords to online accounts with strong, unique ones.

If you suspect an attempt but didn’t fall for it

Even if you didn’t fall for an online scam, you should still change your online account passwords and run an antivirus scan for malware to be safe. Adding fraud alerts to your credit reports is also a good idea. Most importantly, if you think you were the target of an impersonation scam, you need to report it as soon as possible. The next section will give you the information you need to report imposter scams.

How to report impersonation scams

You can report impersonation scams in a few different ways, and you should use all methods that apply:

  • For general fraud, report to the Federal Trade Commission.
  • For internet crimes, file a complaint with the FBI’s Internet Crime Complaint Center.
  • For fake social media profiles, report directly to the platform and the FTC.
  • For immediate threats or financial losses, file a police report with local law enforcement.

How to protect yourself from impersonation scams

You may be pretty wary of becoming a victim of an imposter scam at this point, but you can take several steps to prevent it. Consider these tips to protect yourself from impersonation scams:

  • Never share sensitive data. A real representative of a reputable company or government agency would never contact you by phone or text message and demand personal information. If you receive this kind of communication, it is likely a scam.
  • Verify contact information independently. When you receive an email, call, or text that is allegedly from a trusted company, look up the official phone number or website to ensure that it is legitimate. You can also contact the company directly to confirm the request.
  • Use multi-factor authentication (MFA). In addition to your username and password, MFA requires at least one other factor, like a code sent to your cellphone, to log in to an account. Using it will help protect your accounts from scammers, even if they manage to learn your login info.
  • Be skeptical. Whenever you receive an unexpected email or phone call from a supposedly trusted entity, stay on guard. Look for the signs of an impersonation scam and don’t allow yourself to be taken in by urgent demands or threats.
Hand holding a phone displaying NordProtect's Dark Web Monitoring alerts

Protect yourself
with dark web
monitoring

Get notified and act immediately.

FAQ

What is the difference between impersonation and identity theft?

Impersonation scams involve someone pretending to be a trusted person or organization to trick you into sending money or sharing information. Identity theft occurs when criminals steal your personal information (like your Social Security number or credit card details) and use it to commit fraud in your name. Visit NordProtect's website to learn how to protect your personal information. NordProtect’s identity theft recovery offers professional assistance and financial support to help victims recover from identity theft.

Can I get my money back from an impersonation scam?

Yes, you can often get your money back from an impersonation scam, but it depends on a few different factors. As soon as you realize you have been the victim of an impersonation scam, you must get in touch with your bank or credit card company right away. If you do, they may refund your losses (though this situation is less likely if you authorized the payments yourself rather than someone pretending to be you). Payments in the form of gift cards and wire transfers are very difficult to recover.

How can I verify if a government agency is really contacting me?

Government agencies use mail first, so any other form of communication is automatically suspicious. At the same time, you don’t want to take the chance of dismissing something important. When you are supposedly contacted by a government agency through email, a phone call, or a text, never trust the caller ID or links in messages. Instead, look up the agency’s official phone number and call it to verify that the call or message was legitimate.
Author image
Ugnė Zieniūtė

Ugnė is a content manager focused on cybersecurity topics such as identity theft, online privacy, and fraud prevention. She works to make digital safety easy to understand and act on.

Popular articles

What is the dark web, and how does it work?

Author image

Ugnė Zieniūtė

December 31, 2025

Cyber insurance vs. data breach insurance: Key differences

Author image

Dominykas Krimisieras

December 30, 2025

What information do cybercriminals steal?

Author image

Ugnė Zieniūtė

December 18, 2025

The credit scores provided are based on the VantageScore 3.0® credit score by TransUnion® model. Lenders use a variety of credit scores and may utilize a different scoring model from VantageScore 3.0® credit score to assess your creditworthiness.

You have numerous rights under the FCRA, including the right to dispute inaccurate information in your credit report(s). Consumer reporting agencies are required to investigate and respond to your dispute but are not obligated to change or remove accurate information that is reported in compliance with applicable law. While this plan can provide you assistance in filing a dispute, the FCRA allows you to file a dispute for free with a consumer reporting agency without the assistance of a third party.

No single product can fully prevent identity theft or monitor every single transaction.

Some features may require authentication and a valid Social Security Number to activate. To access credit reports, scores, and/or credit monitoring services (“Credit Monitoring Services”), you must successfully pass your identity authentication with TransUnion®, and your VantageScore 3.0® credit score file must contain sufficient credit history information. If either of these requirements is not met, you will not be able to access our Credit Monitoring Services. It may take a few days for credit monitoring to start after a successful enrollment.

NordProtect's dark web monitoring service scans various sources where users' compromised personal information is suspected of being published or leaked, with new sources added frequently. Service logos displayed in dark web monitoring alerts are provided by Logo.dev and represent services where users have accounts. These logos are included in alerts to help users quickly identify which service may have experienced a data breach affecting their personal information.

However, there is no guarantee that NordProtect will locate and monitor every possible site or directory where consumers' compromised personal information is leaked or published. Accordingly, we may not be able to notify you of all your personal information that may have been compromised.

Identity and cyber protection benefits are available to customers residing in the U.S., including U.S. territories and the District of Columbia, with the exception of residents of New York and Washington. Benefits under the Master Policy are issued and covered by HSB Specialty Insurance Company. You can find further details and exclusions in the summary of benefits.

Our identity theft restoration service is part of a comprehensive identity theft recovery package that offers a reimbursement of up to $1 million for identity recovery expenses. To access the support of an identity restoration case manager, you must file a claim with HSB, which NordProtect has partnered with to provide the coverage. HSB is a global specialty insurance company and one of the largest cyber insurance writers in the U.S.

©2025 NordProtect. All rights reserved