impersonation

In cybersecurity, impersonation refers to a deceptive tactic where a malicious actor assumes the identity of a legitimate or trusted individual, organization, or system with the intent to deceive a target. The goal is to trick the victim into performing actions that benefit the attacker, such as divulging sensitive information (e.g., credentials, financial data), making fraudulent payments, or granting unauthorized access to systems or networks. Impersonation attacks often leverage social engineering techniques and can manifest through various channels, including email (e.g., Business Email Compromise - BEC, CEO fraud), phone calls (vishing), text messages (smishing), fake websites, or compromised social media accounts.