What to Do If Someone is Impersonating You on Email?

Email impersonation is a growing form of cybercrime where an attacker pretends to be someone else, often to deceive or steal sensitive information.

The consequences of email impersonation can range from minor annoyances to severe breaches of privacy and security. If you’ve discovered that someone is impersonating you through e-mail, it’s critical to act swiftly to protect your identity, reputation, and sensitive data. 

This article aims to provide you with a step-by-step guide on what to do if someone is impersonating you on email, including how to recognise the issue, take corrective action, and prevent future incidents.

What is Email Impersonation?

Email impersonation is a type of identity theft where someone uses an e-mail address that mimics or exactly matches your legitimate email to deceive others.

Attackers often create a fake email account that appears strikingly similar to your actual one, with minor modifications like an extra letter, a slight domain change, or special characters. In more sophisticated cases, they may hack into your real email account and use it to impersonate you.

Cybercriminals use e-mail impersonation for various purposes:

• Phishing attacks to trick people into divulging sensitive information such as passwords, credit card numbers, or personal details.
• Spreading malware by sending malicious links or attachments.
• Social engineering to manipulate your contacts into believing they are communicating with you.
• Financial fraud, particularly in business email compromise (BEC), where attackers request fraudulent money transfers.

Key Facts

• Egress’s latest Email Security Risk Report reveals that 94% of organisations faced email security incidents, with impersonation attacks being one of the most common tactics.
• Impersonation is used in 89% of phishing emails, with Adobe being the most impersonated brand, followed by Microsoft.
• 14.9% of impersonation e-mails were classified as ‘payloadless,’ relying entirely on social engineering techniques without malicious attachments or links.
• Commodity attacks—large-scale, mass-produced phishing campaigns that imitate popular brands—are also on the rise. In December 2023, these attacks accounted for 13.6% of all phishing mails detected by Egress Defend.

Signs That Someone is Impersonating You on Email

Detecting mail impersonation scam early can help limit the potential damage. Common signs include:

Contacts receiving emails you did not send: If friends, family, or colleagues report receiving suspicious emails from your address that you did not send, this may indicate impersonation.

Login attempts from unknown locations: Regularly check your e-mail account’s login history for any activity from unfamiliar locations or devices, as this could signal that someone has accessed your account.

Bounce-back emails for messages you didn’t send: If your inbox is flooded with undelivered or bounce-back mails for messages you never sent, someone may be using your identity to send fraudulent -emails.

Security alerts from your email provider: Many email services send alerts when they detect unusual activity, such as logins from unfamiliar devices or locations. Pay attention to these warnings, as they can help identify a breach.

Spoofed email addresses: If you notice e-mail addresses that closely resemble yours but with small differences (e.g., “john.doe123@gmail.com” instead of “john.doe@gmail.com“), someone may be trying to impersonate you by spoofing your mail.

Staying alert to these signs can help protect you from the risks of e-mail impersonation.

What to Do If Someone is Impersonating You on Email?

If you suspect or confirm that someone is impersonating you via mail, act quickly to protect yourself and minimise the damage.

Change Your Passwords

The first thing you should do is change the password for your e-mail account. Make sure the new password is strong, with a combination of letters, numbers, and special characters. Avoid using common passwords or ones that are easy to guess.

Enable Two-Factor Authentication (2FA)

Two-factor authentication adds an extra layer of security by requiring a second form of verification (such as a text message or authentication app) when logging into your account. This makes it much more difficult for hackers to gain access to your e-mail, even if they have your password.

Notify Contacts of Impersonation

Let your contacts know as soon as possible that someone may be impersonating you. Warn them not to click on any suspicious links or attachments from your actual email address and to confirm any strange requests directly with you before responding.

Report the Impersonation

Once you’ve taken immediate steps to secure your account, it’s important to report the impersonation to relevant authorities and organisations to stop further harm.

Report to Your Email Provider

Most email service providers like Gmail, Yahoo, and Outlook have mechanisms for reporting impersonation.

You can often find “Report Phishing” or “Report Abuse” options in their help or security sections. Submit a detailed report of the impersonation, providing examples of suspicious mails, and follow the provider’s steps to block or shut down the impersonator’s account.

Report to Law Enforcement or Cybercrime Agencies

In severe cases, such as financial fraud or threats to your personal safety, it is essential to contact law enforcement.

Many countries have dedicated cybercrime units, and you can also report impersonation incidents to organisations like the Federal Trade Commission (FTC) in the U.S. or Action Fraud in the U.K. For more extensive international cases, you might report to Interpol.

Report to the Impersonator’s Email Provider

If you can identify the impersonator’s mail provider (such as Gmail, Outlook, or a custom domain), report the e-mail address to the mail provider. Most companies have abuse reporting tools that allow you to flag accounts that are engaging in impersonation or phishing.

Legal Actions You Can Take

In addition to reporting impersonation to your e-mail provider and law enforcement, there are legal avenues you can pursue to protect your rights:

• File a police report: If impersonation results in identity theft, fraud, or financial loss, you may need to file a police report.
• Seek a restraining order: In cases where e-mail impersonation fraud is part of a larger pattern of harassment, stalking, or intimidation, you may be able to seek legal protection through a restraining order.
• Consult a lawyer: For cases involving significant financial losses, defamation, or damage to your reputation, consult a lawyer with experience in cybercrime or intellectual property law.

Strengthening Your Online Security

After handling the initial crisis, it’s important to reinforce your overall online security to prevent further impersonation attack.

Use Strong Passwords

Using strong and unique passwords for all your accounts is important. Passwords should be a mix of uppercase and lowercase letters, numbers, and special characters. Avoid using the same password across multiple platforms.

Monitor Your Accounts Regularly

Regularly check your e-mail, social media, and financial accounts for any unusual activity. Most mail providers offer activity logs that display recent sign-ins and locations. If you see anything suspicious, act immediately by changing your password or locking your account.

Educate Yourself and Your Contacts

Educate yourself about phishing scams and other cyber threats. Share this information with your contacts, as they are often the targets of online impersonation schemes. Teach them how to recognise suspicious emails and verify unusual requests before acting on them.

Real-World Examples of Email Impersonation Attacks

To illustrate the severe impact of email impersonation attacks, here are some notable real-world incidents and their consequences:

• RSA Security Breach (2011): Attackers sent malicious emails with an infected Excel attachment to RSA Security employees. This phishing attack installed a backdoor, allowing hackers to steal sensitive data. It underscored how easily phishing can bypass even sophisticated cybersecurity defenses.

• Target Data Breach (2013): Cybercriminals launched a spear-phishing attack on a vendor connected to Target’s network, leading to a massive data breach that compromised over 40 million debit and credit card accounts. This case highlights the vulnerabilities of interconnected systems and the need for stringent vendor security practices.
• Ubiquiti Networks Scam (2015): Ubiquiti Networks lost $46.7 million when impersonators impersonated company executives and sent fraudulent wire transfer requests to the finance department. This shows how social engineering can deceive even tech-savvy firms.
• CEO Impersonation Scam: Following a successful “whaling” attack in late 2015, FACC, an aerospace business dealing in aircraft systems and components, lost $47 million. In one instance, the hackers pretended to be the FACC CEO to coerce a worker into sending money.
• Facebook and Google BEC Scam: Over two years, criminals impersonated an Asian hardware vendor to defraud Facebook and Google out of $121 million through fraudulent payment requests, demonstrating the risk to major corporations.
• Toyota Subsidiary (2019): Attackers impersonated a Toyota executive, convincing the finance department of a subsidiary to transfer $37 million, emphasising the financial risks posed by executive impersonation.

How to Prevent Future Impersonation?

Once you’ve dealt with the immediate threat of email-based impersonation scams, take preventive steps to avoid future incidents.

Monitor your digital presence: Regularly search for your name and e-mail address online to check for any fake profile or unauthorised activity.

Use custom domain emails: If you’re a business or professional, using a custom domain (e.g., yourname@yourbusiness.com) adds a layer of security and professionalism, making it harder for impersonators to mimic your mail.

Regularly update your security settings: Keep your email software and devices updated to the latest security patches. Review your security settings often to ensure they are at the highest levels.

Be Careful with Personal Information Online: Avoid sharing personal information such as your full name, phone number, or e-mail address in public forums or social media profiles, which can make it easier for attackers to impersonate you.

Use a Password Manager: Many people use weak or easily guessable passwords across multiple accounts, making it easier for attackers to impersonate them. A password manager can generate and store complex, unique passwords for each of your accounts, significantly reducing the risk of compromise.

Regularly Update Your Passwords: Make it a habit to update your passwords regularly, at least every 6 to 12 months. Regular password changes reduce the likelihood of someone gaining prolonged unauthorised access to your accounts.

Enable Security Alerts: Most email services allow you to enable security alerts that notify you when suspicious activity is detected, such as a login from an unfamiliar location or device. Enable these alerts to stay aware of any attempts to compromise your account.

Consider Using Email Signing Certificates E-mail signing certificates, also known as digital signatures, are a more advanced way of protecting your e-mail identity. These certificates verify the authenticity of the email sender and the content of an e-mail. It’s a form of encryption that can be used by organisations or individuals who deal with highly sensitive information and want to prevent impersonation.

What’s Next?

If you suspect someone is impersonating you via email, immediate action is important to protect your reputation and digital security.

First, update your online account passwords and ensure two-factor authentication is enabled to safeguard against further credential theft emails. Use digital security software to scan for any malware or unauthorised access to your mail server. Inform your contacts about the impersonation email to prevent them from falling victim to phishing or other online scams.

Check your sent emails for suspicious file attachments or any signs of domain spoofing that mimic legitimate domains. A fake email address may closely resemble yours, so inspect closely for small variations.

If you are an influential person or handle sensitive business information, attackers may target you more aggressively. Review email filters and settings to block future attempts and consult experts to secure your mail servers.

Take control of your email security today! If someone is impersonating you, advanced protection tools of Bytescare can help you stop them. Book a demo now and safeguard your online identity.

FAQs