At Social-Engineer, we define impersonation as the “practice of pretexting as another person with the goal of obtaining information or access to a person, company, or computer system.” Impersonation is a social engineering tactic that continues to threaten enterprises. The most challenging element of this attack is looking credible and having the correct credentials and papers in order. Bad actors may request entry by posing as a delivery person, or a known vendor pretending to deliver supplies, packages, or food. They may also attempt to infiltrate by using the ‘hold the door’ approach. In this scenario, they pretend to be a fellow coworker who has forgotten their ID card/badge. They then ask someone who is entering the premises to hold the door for them.
The following social engineering news stories show how cybercriminals are using impersonation tactics
Scam artists pose as Arkansas Department of Health officials claiming to conduct restaurant inspections. During the inspection, they demand immediate payment for alleged food safety violations. Arkansas Attorney General Rutledge says the “scam artists are exploiting the stress and burden faced by Arkansas businesses, as the owners focus on tightening their budgets to manage the skyrocketing inflation, supply issues and staffing shortages.”
Authorities say that a woman entered the Riverside University Health System Medical Center posing as a newly hired nurse and was able to gain access to the maternity ward. The woman entered a patient’s room, identified herself as a nurse, and attempted to take the patient’s newborn infant.
These examples illustrate that with careful planning and “looking the part” bad actors can gain physical access to enterprises. Having policies to deal with unknown personnel identification and access is vital to protecting your organization. It is equally important to test employee awareness and adherence to these policies.
Image: i4cP
Test, Educate and Protect with the Social-Engineer Security Assessment Services
The Social-Engineer Security Assessment Services will help your enterprise identify employee vulnerability to impersonation attacks. We deploy professionally trained Social Engineer Team agents for on-site impersonation day or night. We conduct point-in-time testing of vendor/visitor access policies and the physical perimeter. This full-scope program is multi-layered and may include badge cloning, credential harvesting, and network control. Please contact our team of experts and schedule a consultation.
