Consumer Protection Tuesday: How to Detect and Avoid Impersonation Scams
Tl;dr: Impersonation scams are one of the most common forms of fraud. Criminals pose as trusted individuals, such as customer service agents, government officials, banks, or even family members, to pressure victims into sending money or sharing sensitive information. In this guide, we explain how these scams work and share practical steps to help you protect your assets.
This post is part of a weekly Tuesday series at Coinbase about the latest consumer protection and security measures for crypto owners.
At Coinbase, we’re on a mission to help update the financial system to make it safer and more secure. While under 1% of blockchain transactions are used for illicit activity, and cash remains the preferred medium for illegal transactions, crypto security is always a top priority. Coinbase maintains a robust compliance program, which includes Know Your Customer (KYC) checks, sanctions screenings, suspicious activity reporting, and strong law enforcement partnerships to detect and prevent illicit activity on our platform.
The Anatomy of an Impersonation Scam
Impersonation scams are a sort of middle ground between quick-hit phishing scams and long-con pig butchering. They occur when criminals pretend to be someone you trust in order to manipulate you into sending money or revealing sensitive information.
They often use spoofed phone numbers, fake websites, or even AI deepfakes to make their outreach appear legitimate and establish authority. Most impersonation scams follow a predictable pattern designed to build trust and create urgency.
1. Unexpected Contact
The scam begins with an unsolicited message, phone call, or email. The impersonator claims to be a trusted person or organization.
Examples include:
A “customer support agent” contacting you about account activity
A “bank employee” warning about suspicious transactions
A “government official” claiming legal action is pending
A “family member” who urgently needs help
The goal is to create pressure so the victim acts quickly without verifying the request.
2. The Request
Once the victim is hooked, the impersonator asks for something of value.
Common requests include:
Account login credentials
One-time verification codes
Recovery phrases or passwords
Moving funds to a “secure account”
Sending payments through wire transfers, gift cards, or cryptocurrency
These requests are often framed as necessary to resolve the issue.
4. The Vanishing Act
Once the scammer receives the money or sensitive information, communication stops.
Funds are often quickly moved across multiple accounts or wallets, making recovery difficult.
Four Common Scenarios
While the tactics are similar, the stories scammers use can vary widely. Below are several of the most common impersonation scams to watch for.
Fake Customer Support
Criminals frequently impersonate customer support representatives from financial services, technology companies, or crypto platforms.
Victims may encounter fake support phone numbers online or receive unsolicited messages claiming their account needs attention.
Red Flags to Watch For:
Requests for passwords, recovery phrases, or verification codes
Requests to install remote-access software
Messages directing you to unofficial websites or phone numbers
Remember: Don’t trust the first phone number that pops up when googling for a support hotline. Always contact customer support through the official website or app.
Family Emergency Scams
In family impersonation scams, criminals pretend to be a loved one who urgently needs financial help. They may even use voice cloning tools to sound the part.
These scams often rely on emotional pressure and may involve claims of accidents, arrests, or travel emergencies.
Red Flags to Watch For:
Unexpected requests for urgent financial help
Requests to keep the situation secret
Payment requests through unusual methods such as gift cards or cryptocurrency
Create a family safe word or ask personal questions to verify their identity before sending money.
Government Impersonation
Fraudsters sometimes pretend to represent agencies such as the IRS or Social Security Administration.
These scams often involve threats of legal consequences or financial penalties.
Red Flags to Watch For:
Threats of arrest or legal action
Requests for immediate payment
Instructions to move funds to a “secure” account
U.S. government agencies will not demand payment through gift cards, wire transfers, or cryptocurrency.
Bank or Financial Institution Scams
Another common impersonation tactic involves criminals posing as bank employees or fraud investigators.
They may claim suspicious activity has been detected on your account.
Red Flags to Watch For:
Requests to move money to another account for “safekeeping”
Requests for verification codes or login credentials
Pressure to act quickly
No legitimate financial institution will ask you to move funds to another account to protect them.
Simple Ways to Protect Yourself
While impersonation scams can be convincing, a few habits can dramatically reduce your risk:
Verify requests independently. Contact organizations through their official websites or phone numbers.
Pause before acting on urgent requests involving money.
Never share passwords, recovery phrases, or security codes.
Enable multi-factor authentication (MFA) on your accounts.
Talk to someone you trust if a request feels suspicious.
Impersonation scams will continue to evolve as criminals find new ways to mimic trusted institutions and people. From fake customer service agents to fraudulent government officials, these scams rely on deception and urgency.
The best defense is awareness. By understanding how impersonation scams work and recognizing their warning signs, you can help protect your accounts, your assets, and your community.
At Coinbase, we remain committed to educating users and strengthening security across the digital asset ecosystem. By staying informed and sharing these lessons with family and friends, we can all play a role in building a safer financial future.
