FTC: Half of Fraud Involves Impersonation

According to data released by the FTC in its annual Consumer Sentinel Network Data Book, nearly half of the fraud reported to the federal government in 2023 fell into the category of impersonation fraud — 330,000 scams impersonating businesses and 160,000 scams impersonating government institutions.

Allure Security’s online brand impersonation detection data corroborates the FTC’s findings. Impersonation fraud shows no sign of abating. Not only are complaints up from previous years, but monetary losses as well.

The goal of this article is to inform interested parties of recent scam trends impersonating businesses and government institutions as reported by the FTC and to provide further proof that online brand impersonation isn’t easing up. As this problem continues to escalate, brands should be looking to modernize their approach to protecting themselves online.

The State of Fraud In 2023

Whether in terms of reports or dollars lost, fraud was up in 2023. The FTC reports a total of $10 billion in losses and 2.6 million reports in 2023 — up from $9 billion lost and 2.5 million reports in 2022. As noted by the FTC, very few incidents of fraud are actually reported to the government. Even these large numbers of reports and dollars lost are a mere sliver of the entire problem.

Business imposter scams were the most reported fraud subcategory (373,683 reports totaling ~$1,372,765,373 in losses), with government impersonations coming in third (191,079 reports totaling ~$701,949,725 in losses). Excluding reports classified as “unspecified”, scams impersonating businesses and government entities accounted for 48% of all reports sent to the FTC in 2023. Considering reports to the FTC account for all types of fraud, it is hard to overstate the prevalence of imposter scams that have victimized consumers in 2023.

A New Evolution in Fraud Tactics

While it’s not exactly a new development that business and government impersonation scams frequently target consumers, the FTC reports a shift in the methods and tactics used to fool people.

In 2023, reports highlighted that scammers frequently impersonate multiple organizations within a single scheme. Where consumers would once receive fraudulent messages posing as a brand or government entity by itself, we now see multiple impersonations within multiple layers of the same scam.

The FTC’s 2024 Imposter Scams Spotlight reports that there is “an increasingly blurred line between business and government impersonation scams: many scammers impersonate more than one organization in a single scam.” This may, for instance, take the form of a fake government email directing users to a fake bank website designed to harvest user credentials, or that same website/email instructing users to contact a scammer posing as an official corporate or government entity.

Contact Method Effectiveness

A scam’s contact method has played a large role in efficacy over recent years. The FTC reports a correlation between contact method or “invite vector” and a scam’s effectiveness.

Scams that use websites, apps, and social media as a contact method are up year over year in both prevalence and danger. Increasing by just under 33,000 reports, 2022’s study logged 342,423 fraud reports using web, social, or mobile as an attack vector – whereas 2023 saw 375,055 – about a 10% increase. These contact methods were mentioned in 25% of 2023 fraud reports and were by far the most likely to report monetary losses resulting in $2.38 billion in monetary damages — up 12% over 2022.

Contact Methods More Likely to Result in Monetary Loss

Fraud schemes that used websites or apps as their contact method saw 60% of victims report monetary loss. Fraud with social media as a contact method saw 68% of victims report monetary loss. Comparing these attack vectors and their associated monetary loss with other contact methods, their effectiveness is clear. Fraud stemming from fake websites, social media, or mobile apps will most likely lead to consumer financial damage.

These attack vectors are extremely effective and dangerous, and brands – regardless of their presence (or lack thereof), should prioritize protecting customers across relevant channels. That might look like registering a brand account on social media to establish yourself, clearly communicating where to download mobile apps, and proactively monitoring the internet for website impersonations, deceptive social media profiles targeting your customers, and rogue versions of your mobile apps.

Combatting the Continued Surge in Online Brand Impersonation Fraud

Across the board, fraud is continuing to grow year over year. Scammers are taking advantage of our increasingly online ecosystem, incorporating new methods to victimize more people and do more damage. Abusing the familiarity that consumers have with websites, mobile apps, and social media has proven to be an extremely effective method for introducing scams to exploit consumers. 

Brands should consider managing this risk through a combination of increased communication, proactivity, and presence. 

• Register for social media accounts, regardless of if you plan to use them. This not only gives users a way to recognize your brand in a particular platform but assists in fighting any impersonations that might surface on said platform.
• Register your trademarks and logos with the USPTO. This provides legal grounds for your brand to control the use of its name and logo, making the removal of online impersonations a significantly easier process.
• Clearly communicate where users can download your mobile app and monitor for rogue versions of your mobile app published elsewhere. If your brand’s mobile app is only available for download on official app stores (e.g., the Google Play store or Apple App Store), make sure your customers know by clearly communicating that as often as appropriate.  Actively monitor for mobile fraud and rogue versions of your mobile app on third-party app marketplaces.
• Proactively monitor the web for brand impersonations. Be sure that you have a strategy in place to monitor for any potential impersonations of your brand across the web. For resources on free tools to check out, read our blog on the topic.  Recognize that while free tools exist and do help, the only way to fully protect your customers and get ahead of this problem at a realistic scale is to hire a pro like Allure Security.

---

WHAT YOU SHOULD DO NEXT 

1. Contact us if you’re concerned about how your brand can detect and respond to website, social media, and mobile app impersonations.
2. Learn how fraudulent Google Ads are impersonating trusted brands like yours.
3. Read our blog post about removing harmful brand impersonations from LinkedIn.