Impersonation


What is Impersonation?

Impersonation is a social engineering technique in which an attacker pretends to be a trusted person, role, or organization in order to gain information, access, cooperation, or authority they do not legitimately have.

Examples

  • An attacker poses as an IT support technician and asks an employee to reveal their username and temporary verification code.
  • Someone pretends to be a delivery contractor so they can enter a restricted area without being challenged properly.

Discover 🔎

People make trust decisions constantly. They trust names, uniforms, job titles, email signatures, familiar logos, internal language, and signs of authority. Impersonation works by abusing that trust. Instead of breaking a security control directly, the attacker borrows the appearance of legitimacy and lets the victim lower their own guard.

That makes impersonation one of the most flexible social engineering techniques. It can be used in email, phone calls, text messages, video meetings, chat platforms, physical spaces, and support processes. The attacker is not relying on one specific technology. The attacker is relying on the victim's belief that the person on the other side is who they claim to be.

Remember: In impersonation, the false identity is the attack tool. The attacker gains power by being treated as someone trusted.

Summary 📝

Impersonation is a social engineering technique built on false identity and borrowed legitimacy. By pretending to be someone trusted, the attacker increases the chance that the target will reveal information, grant access, or perform a harmful action. Strong defense depends on treating identity as something to verify, not something to assume from appearance, tone, title, or branding alone.
