What Is Impersonation Scam Calls and Why Is It Dangerous?
Impersonation scam calls are a deceptive tactic where fraudsters pretend to be someone they're not – typically representatives from trusted organisations like banks, government agencies, law enforcement (like the police), or even utility companies. These scammers often use sophisticated technology to "spoof" their phone numbers, making it appear as if the call is coming from a legitimate source, such as a known bank's helpline or a police station's official number. This technique is a form of 'vishing' (voice phishing), designed to exploit trust and create a sense of urgency or fear.
We've analysed hundreds of such messages and calls reported by users, and the danger lies in their ability to manipulate victims through social engineering. Victims who reported this scam described intense pressure, often leading them to believe their money is at risk or they are under investigation. As reported by Action Fraud UK (UK), these criminals employ increasingly sophisticated and persistent tactics, driving significant financial harm to victims. The scam is dangerous because it can lead to direct financial loss, identity theft, or compromise of personal banking details.
How Does This Scam Work? (Step by Step)
Scammers execute impersonation calls with a calculated approach:
- Initial Contact & Impersonation: The scammer contacts the victim, typically by phone, but sometimes preceded by a fraudulent text message (smishing) or email (phishing). They pretend to be from a legitimate organisation, like your bank, the police, or a government department. They use "spoofed" phone numbers that match the official numbers of these organisations, making caller ID appear genuine. This initial contact might reference a fake "unusual transaction," a "security breach," or a "tax issue."
- Building Trust/Creating Urgency: The scammer uses social engineering tactics to build trust or instill panic. They might sound authoritative, polite, or extremely urgent. They might claim your bank account is compromised, you owe taxes, or you're involved in a money laundering investigation. According to Action Fraud UK, these tactics are designed to overwhelm victims and bypass their critical thinking.
- Information Harvesting or Action Inducement: Once they have your attention and trust (or fear), they'll push for action. This could involve:
- Credential Harvesting: Asking for personal details like bank account numbers, PINs, passwords, or OTPs (One-Time Passwords) under the guise of "verifying your identity" or "securing your account."
- Money Transfer: Instructing you to transfer money to a "safe account" (which is actually controlled by the scammer) to "protect your funds."
- Gift Card/Crypto Purchase: Demanding payment in untraceable forms like gift cards or cryptocurrency for alleged fines or services.
- Courier Fraud Setup: In some cases, as seen in reports to Action Fraud UK, they might instruct you to withdraw cash and hand it over to a "courier" who will supposedly take it for safekeeping or "forensic analysis."
- Executing the Fraud: Once the victim complies, the scammer either gains access to their accounts using the harvested credentials, disappears with the transferred money, or obtains the physical cash/assets. The victim often doesn't realise they've been scammed until it's too late.
What Are The Warning Signs?
- Unexpected Contact and Urgency: You receive an unsolicited call from someone claiming to be from a bank, police, or government agency, demanding immediate action. They often threaten consequences if you don't comply instantly.
- Requests for Sensitive Information: They ask for full passwords, PINs, OTPs, or to log into your online banking while on the call. Legitimate organisations will never ask for your full password or OTP over the phone.
- Instructions to Transfer Money to a "Safe Account": Any request to move your money to a different account for "security" reasons is a major red flag. Banks will never ask you to do this.
- Demands for Payment in Unusual Methods: Asking for payment in gift cards, cryptocurrency, or to hand over cash to a "courier" are classic scam tactics.
- Caller ID Spoofing: While the caller ID might show a legitimate number (a "spoofed sender"), the conversation will contain red flags mentioned above. Don't trust Caller ID alone.
- Requesting Remote Access to Your Device: If they ask you to download software or give them remote access to your computer or phone to "fix" a problem.
- "Keep it a secret" Instruction: The scammer insists you don't tell anyone about the call, especially family or friends.
Scam vs Legitimate: How to Tell the Difference
| Scam Behaviour | Legitimate Organisation Behaviour |
|---|---|
| Demands immediate action and threatens severe consequences (arrest, account closure) if you don't comply. | Will give you time to think, verify, and call them back. They respect your right to hang up and verify. |
| Asks for your full password, PIN, or OTP/verification codes over the phone or via email. | Will NEVER ask for your full password, PIN, or OTPs verbally or via unsecured channels. They might ask for specific digits from a password you know. |
| Instructs you to transfer money to a "safe account," buy gift cards, or hand cash to a "courier." | Will NEVER ask you to transfer money to a different account for "safety" or demand payment in gift cards/cash for services. |
| Pressures you to keep the conversation confidential from family, friends, or even bank staff. | Encourages you to talk to trusted individuals or verify any concerns with them directly. |
| Relies solely on unsolicited calls/messages for critical issues, despite spoofed caller ID. | Prefers secure channels (online banking portals, official letters) for critical communications. If they call, they will ask you to verify them. |
Who Is Being Targeted and Why?
Impersonation scam calls can target anyone, but specific demographics are often disproportionately affected. According to Action Fraud UK, individuals aged 70 and over are frequently targeted by schemes like courier fraud, which often originates from such calls, resulting in significant financial losses. This vulnerability can stem from a variety of factors: they might be more trusting, less familiar with rapidly evolving digital fraud tactics, or more susceptible to high-pressure social engineering tactics that exploit fear (e.g., threats of legal action or losing their life savings).
Scammers also target busy professionals, small business owners, or anyone who might be preoccupied and therefore less likely to scrutinise an unexpected call. They exploit common human psychological triggers: urgency, fear of missing out, desire to comply with authority figures, and the instinct to protect one's finances. The rise of sophisticated spoofing technology allows scammers to appear incredibly convincing, making it harder for even tech-savvy individuals to distinguish a scam from a legitimate call, especially if they are distracted or stressed.
What Should You Do If You Receive This?
- Hang Up Immediately: Do not engage with the caller. If something feels off, trust your gut and end the call.
- Verify Independently: If you're concerned the call might have been legitimate, do NOT call the number back that just called you, even if it appeared official. Instead, use an independent source to find the organisation's official contact details (e.g., their official website, a statement, or the back of your bank card) and call them directly to verify.
- Never Share Sensitive Information: Absolutely never provide your full password, PIN, OTPs, or banking details over an unsolicited call.
- Do Not Transfer Money or Buy Gift Cards: Ignore any instructions to move money to a "safe account" or purchase gift cards/cryptocurrency for payment.
- Report to Your Local Cybercrime Authority: If you have been affected or suspect an attempted scam, report it immediately. In the UK, this is Action Fraud UK. For Indian users and worldwide, report to your local cybercrime authority.
How Can You Stay Safe?
Staying safe from impersonation scam calls requires vigilance and proactive measures:
- Be Skeptical of Unsolicited Contact: Always be wary of unexpected calls, especially those demanding immediate action or personal information. A legitimate organisation will rarely call you out of the blue to demand sensitive details or financial transfers.
- Verify, Verify, Verify: If you receive a call claiming to be from your bank or a government agency, hang up and call them back on their official number (found independently, not given by the caller). Don't use numbers provided by the suspicious caller.
- Protect Your Personal Information: Treat your passwords, PINs, and OTPs as confidential. Never share them with anyone, regardless of who they claim to be.
- Educate Yourself and Others: Stay informed about the latest scam tactics. Share information with elderly family members or vulnerable friends who might be targeted.
- Use Security Software: Ensure your devices have up-to-date antivirus and anti-malware software.
- Leverage Scam Detection Tools: Use platforms like ScamCheck (scamcheck.tech) to verify suspicious numbers, messages, or emails before you interact with them. ScamCheck can help you identify known scam patterns and report new threats, adding an extra layer of protection against these evolving fraudulent schemes.
- Report All Attempts: Even if you didn't fall victim, reporting scam attempts helps authorities track and disrupt criminal operations, as highlighted by investigations like the "SMS Blaster" fraud mentioned by Action Fraud UK.
Verified by ScamCheck Research Team. Source: Action Fraud UK.