
What is Impersonation?

Impersonation is a technique covering two sub-techniques: Account Holder Impersonation and Official Impersonation. Fraud actors assume trusted identities to bypass verification and manipulate victims into taking harmful actions.

Arsen Team

Impersonation appears under the Defense Evasion tactic in the MITRE F3 Framework. It is one of the most direct social engineering techniques in the F3 matrix: the attacker claims to be someone the target trusts.

Sub-techniques

| Sub-technique | Who the attacker pretends to be | Primary target |
|---|---|---|
| Account Holder Impersonation | The bank's own customer | Bank staff, contact centre agents |
| Official Impersonation | Bank representative, law enforcement, government agent | Customers, account holders |

How does Account Holder Impersonation work?

Fraud actors use stolen personal information (name, date of birth, partial account number) to answer security questions and pass knowledge-based authentication (KBA) checks. Combined with phone number spoofing of the victim's own number, the attacker appears to be calling from a recognised customer's phone.

The goal: convince bank staff to grant access, reset credentials, change account details, or authorise a transaction.

How does Official Impersonation work?

Here the roles reverse. The attacker calls the customer, posing as a bank fraud investigator, law enforcement officer, or government official. The authority and urgency of the claimed role pressure the victim into disclosing credentials, approving transactions, or transferring funds.

Vishing is the primary channel. Caller ID spoofing of official bank or agency numbers makes the call appear genuine.

Key takeaways

  • Impersonation in MITRE F3 has two sub-techniques: Account Holder and Official impersonation.
  • Account Holder Impersonation targets bank staff; Official Impersonation targets customers.
  • Stolen personal data (often from phishing or data breaches) enables convincing knowledge-based authentication bypass.
  • Authority, urgency, and caller ID spoofing are the primary levers in Official Impersonation.
  • Both contact centre staff and customers need targeted training to recognise and resist impersonation attacks.

What is MITRE Fight Fraud Framework™ (F3)?

The MITRE Fight Fraud Framework (F3) is a curated knowledge base of tactics, techniques, and sub-techniques used by fraud actors in cyber-based financial fraud incidents. Developed by MITRE's Center for Threat-Informed Defense in collaboration with FS-ISAC, JPMorganChase, and Lloyds Banking Group, it provides a common language for fraud-fusion teams to describe, detect, and prevent financial fraud. F3 is modeled after MITRE ATT&CK® and focuses on banking institutions as its initial scope.



Frequently Asked Questions

Vishing is the primary delivery mechanism for both sub-techniques. Voice communication enables real-time social engineering that escalates victim compliance faster than asynchronous channels like email.

Name, date of birth, partial card or account number, recent transaction details, and the registered phone number are typically sufficient to pass knowledge-based authentication. This data is routinely available from data breaches or phishing for information campaigns.

Contact centre agents should be trained to verify identity through multiple factors regardless of what the caller presents, treat caller ID as unreliable, and escalate calls that use pressure or urgency tactics. Arsen's vishing simulation platform tests these reflexes in realistic call scenarios.
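The verification discipline described above (multiple factors regardless of what the caller presents, caller ID treated as unreliable, escalation on pressure tactics) can be expressed as a step-up policy that an agent desktop or call-routing layer evaluates before a sensitive request is actioned. The following is an added illustration, not code from Arsen or from the MITRE F3 project. The `InboundCall` fields, the list of high-risk actions, the pressure phrases, and the idea of a callback OTP to the registered number as the possession factor are all assumptions chosen for the example; the sample calls at the bottom are constructed.

```python
"""Step-up verification policy for an inbound contact-centre call (illustrative)."""
from dataclasses import dataclass, field
from typing import List

# Assumed set of requests where knowledge-based authentication alone is not enough,
# because the knowledge (name, DOB, partial account number) leaks via breaches and phishing.
HIGH_RISK_ACTIONS = {"credential_reset", "change_contact_details", "authorise_payment", "add_payee"}

# Assumed phrases that signal urgency or pressure; a real deployment would tune these.
PRESSURE_PHRASES = ("right now", "immediately", "urgent", "will be frozen", "no time")


@dataclass
class InboundCall:
    caller_id: str              # number presented by the network; spoofable
    registered_phone: str       # number the bank holds on file for the account
    kba_passed: bool            # did the caller answer the security questions correctly
    requested_action: str       # what the caller wants the agent to do
    transcript: str             # agent notes or speech-to-text of the call so far
    callback_otp_verified: bool = False  # OTP sent to the registered phone out-of-band and read back


@dataclass
class Decision:
    outcome: str                # "allow", "step_up" or "escalate"
    reasons: List[str] = field(default_factory=list)


def pressure_detected(transcript: str) -> List[str]:
    """Return the pressure phrases found in the transcript (case-insensitive)."""
    text = transcript.lower()
    return [p for p in PRESSURE_PHRASES if p in text]


def assess_call(call: InboundCall) -> Decision:
    """Decide whether the agent may proceed, must step up, or must escalate."""
    reasons: List[str] = []

    # Pressure and urgency are levers of impersonation: hand the call to a fraud team.
    hits = pressure_detected(call.transcript)
    if hits:
        reasons.append(f"pressure language detected: {hits}")
        return Decision("escalate", reasons)

    if not call.kba_passed:
        reasons.append("knowledge-based authentication failed")
        return Decision("escalate", reasons)

    # A matching caller ID is recorded for context only; it carries no assurance weight.
    if call.caller_id == call.registered_phone:
        reasons.append("caller ID matches registered phone but is treated as unverified (spoofable)")

    # High-risk actions require a possession factor on top of KBA: the bank calls the
    # registered number back (or sends an OTP to it) and the caller reads the code back.
    if call.requested_action in HIGH_RISK_ACTIONS and not call.callback_otp_verified:
        reasons.append("high-risk action requires out-of-band OTP on the registered phone")
        return Decision("step_up", reasons)

    reasons.append("verification sufficient for requested action")
    return Decision("allow", reasons)


# Constructed sample calls for demonstration.
SPOOFED_RESET = InboundCall(
    caller_id="+441234567890", registered_phone="+441234567890", kba_passed=True,
    requested_action="credential_reset", transcript="I forgot my password, can you reset it?")

PRESSURED_PAYMENT = InboundCall(
    caller_id="+441234567890", registered_phone="+441234567890", kba_passed=True,
    requested_action="authorise_payment",
    transcript="You need to approve this right now or my account will be frozen")

BALANCE_ENQUIRY = InboundCall(
    caller_id="+447000000001", registered_phone="+441234567890", kba_passed=True,
    requested_action="balance_enquiry", transcript="Could you tell me my current balance?")

if __name__ == "__main__":
    for c in (SPOOFED_RESET, PRESSURED_PAYMENT, BALANCE_ENQUIRY):
        d = assess_call(c)
        print(c.requested_action, "->", d.outcome, d.reasons)
```

The point of the ordering is that the caller ID check can only add a note, never raise the trust level, and that a passed KBA still stops short of a sensitive action until a factor the fraud actor cannot obtain from breached data (control of the registered phone) has been demonstrated.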

It is a Defense Evasion technique with two sub-techniques: Account Holder Impersonation (fraud actor poses as a bank customer to bypass staff verification) and Official Impersonation (fraud actor poses as a bank, law enforcement, or government official to manipulate customers).
