Stay informed on impersonation threats in cyber security. We provide the latest news and insights on identity spoofing and fraud prevention tactics.
Search across headline titles and summaries.
Background for this topic.
Impersonation is an act of pretending to be another person for the purpose of deception. In the context of information security, this involves mimicking the identity or attributes of an authorized user, system, or entity to gain unauthorized access to information or resources, typically for malicious reasons such as fraud, data theft, or breach of privacy. Impersonation attacks often exploit trust relationships and can be executed through various methods including phishing, social engineering, or the use of stolen user credentials.
Impersonation can occur on multiple levels within information systems. For instance, attackers might impersonate end-users through credential stuffing or account takeover. They could also pose as administrators to elevate their access privileges within a network. Additionally, impersonation might target entire systems or services, such as through domain spoofing or man-in-the-middle attacks that deceive other entities into believing they are communicating with a trusted source.
The threat of impersonation underscores the need for robust authentication and verification mechanisms within cyber security practices, such as multi-factor authentication, strict access controls, employee training, and awareness to defend against such insidious attacks effectively.
Weekly headline count for the current query.
Hacking voting machines is so 2017. Phishing, impersonation pose the real election risks
Threat actors from the Silent Ransom Group, aka Luna Moth, are escalating attacks by impersonating IT staff in phone calls and even showing up in person to gain direct access to victim systems
The FBI is warning of fake websites impersonating FIFA ahead of the 2026 World Cup, to steal personal and financial information, sell fake tickets and hospitality packages, and push other fraud related to the event. [...]
Most malicious open source packages now mimic real code rather than rely on typosquatting
The Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549) has been attributed to a fresh campaign using lures impersonating organizations in the aviation and software sectors across the U.S., Europe, and the Middle East following the joint U.S.-Israeli military campaign against the country in late February 2026
A malicious Hugging Face repository managed to take a spot in the platform's trending list by impersonating OpenAI's Privacy Filter open-weight model to deliver a Rust-based information stealer to Windows users
Intro A sophisticated, high-resilience malicious campaign was identified by Atos Threat Research Center (TRC) in March 2026. This operation specifically targets the high-privilege professional accounts of enterprise administrators, DevOps engineers, and security analysts by impersonating administrative utilities they rely on for daily operations. By integrating Search Engine Order (SEO)
Coming in cold with custom Snow malware A previously unknown threat group using tried-and-tested social engineering tactics - Microsoft Teams chat invitations and helpdesk staff impersonation - is also using custom malware in its data-stealing attacks, according to Google's Threat Intelligence Group.…
A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts
Microsoft is warning of threat actors increasingly abusing external Microsoft Teams collaboration and relying on legitimate tools for access and lateral movement on enterprise networks. [...]
Scammers are sending fake "Notice of Default" traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demanding a $6.99 payment while stealing personal and financial information. [...]
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of a new phishing campaign in which the cybersecurity agency itself was impersonated to distribute a remote administration tool known as AGEWHEEZE
Chinese-speaking users are the target of an active campaign that uses typosquatted domains impersonating trusted software brands to deliver a previously undocumented remote access trojan named AtlasCross RAT
Cybersecurity company’s annual report issues warning over a “mass-marketed impersonation crisis” over attackers abusing legitimate credentials
Artificial Intelligence (AI) is changing how individuals and organizations conduct many activities, including how cybercriminals carry out phishing attacks and iterate on malware. Now, cybercriminals are using AI to generate personalized phishing emails, deepfakes and malware that evade traditional detection by impersonating normal user activity and bypassing legacy security models. As a result,
A social engineering campaign impersonating PayPal and Amazon uses customer support interactions to acquire sensitive info.
Gartner's Apeksha Kaushik on Why Detection Alone Can't Stop ID ImpersonationOrganizations facing deepfake-driven impersonation attacks must move beyond traditional detection strategies and build stronger identity resilience. Security leaders should adopt layered defenses that combine detection, prevention and broader risk signals to disrupt attackers.
The Federal Bureau of Investigation (FBI) warns that criminals are impersonating U.S. officials in phishing attacks targeting businesses and individuals who request city and county planning and zoning permits. [...]
A suspected Iran-nexus threat actor has been attributed to a campaign targeting government officials in Iraq by impersonating the country's Ministry of Foreign Affairs to deliver a set of never-before-seen malware
Cybersecurity researchers have disclosed details of a new malicious package discovered on the NuGet Gallery, impersonating a library from financial services firm Stripe in an attempt to target the financial sector