Impersonation Scams


How the Scam Works

Scammers reach out to you pretending to be a person from your work or even someone you know, like a friend. They use this tactic to get something out of you, like money or gift cards. They may claim to need a favor or help.

They usually pose as a real person attached to an organization or company you are affiliated with. They may pretend to be someone you haven’t actually met but who is legitimately listed on your organization’s webpage, so that they can claim you are supposed to take an action like sending them sensitive company information. Other times they may pretend to be someone you do know, and ask you for a quick favor or ask you to open a linked document.

For example, say you work for a huge company and you don’t know anyone who works in the payroll department. Then one day you get a message from “Susan in payroll” asking for your direct deposit info. It’s easy to believe this person is legit, but in reality they could be a scammer who found Susan’s name and position online and is using her name and title to scam you.

Another example would be a scammer impersonating someone you know and work with, saying something like “Hey, I don’t have access to my phone or work email, only my personal Gmail, can you log in and get me some info?”

They choose to be someone familiar to you (either by pretending to be someone you know, or someone from an organization you are affiliated with) to establish trust and improve the likelihood that you will respond. If they are believable enough, victims willingly give them the information they requested.

How to Beat the Scam

Never give ANY personal or financial information via email or text message. Take a moment to think about it: has this person ever reached out to you requesting information before? Do you even know this person? If you are unsure about the legitimacy of the message, call the real organization or person and ask whether they are trying to get ahold of you.

Extra Credit Tips

  • It is easy to get caught up in answering emails and not focus as much as one should. If something strikes you as odd, come back to it when you have more time to really look at it. A second look may be all you need to realize the email is a scam.

  • All communications from Notre Dame staff, faculty, students, and clergy are sent from an @nd.edu address. If you get an email from someone claiming to be a Notre Dame community member that does not come from an @nd.edu address, it is most likely a scam and should be disregarded.

What to do if you think you have been scammed:

If you gave your credit card information, call your provider and immediately freeze your account. If you gave banking information, call your bank and inform them of the situation. Representatives will walk you through the next steps of how to move forward when your financial information is compromised.

Bonus Lesson: Spot Social Engineering Scams

In everyday work life, we typically expect that everyone we interact with is legit and telling the truth. We usually have our guard down. This vulnerability is what scammers use to get in and take advantage. Online polls or quizzes may appear innocent, but scammers can utilize a person’s answers to get clues about what their password could be. With enough bits of information about you, scammers can put the pieces together and gain access to various accounts you utilize.

Although online quizzes may be fun to take, realize how much information you truly are giving away about yourself. If you wouldn’t tell a person on the sidewalk this information, don't put it on a quiz on the internet.

Social engineering can also take the form of a scammer pretending to be someone they found on social media. For example, they may pretend to be someone working for an organization who needs help accessing their account. They contact the company’s help desk for account access, pretending to have gotten themselves locked out in some strange way. The help desk grants the person access because they were able to provide just enough proof to be “verified” as the person they are pretending to be, using information they learned from that person’s social media account.