As technology continues to become more advanced, it’s more important than ever to be able to identify imposter scams and protect yourself from them. An imposter scam occurs when a scammer pretends to be someone else to deceive an individual into sending them personal identifiable information or money or allowing direct access to bank accounts. In 2023, more than 330,000 business impersonation scams and more than 160,000 government impersonation scams were reported to the Federal Trade Commission (FTC); losses from these scams were more than $1.1 billion, which is about three times what had been reported in 2020.

Imposter scams do not discriminate. Although we typically hear about the elderly being common targets of fraudsters, per the FTC, younger adults, including Gen Z and millennials, were 34% more likely to report losing money due to fraud compared to individuals over 60. Earlier this year, a financial-advice columnist for The Cut put $50,000 in a shoebox and gave it to a stranger, after being duped by a scammer pretending to be an investigator with the FTC.

An imposter scam may start with a text message, phone call, or email — it is likely that those of you reading this blog have received a threatening phone call from the IRS” or a text message from a stranger pretending to be someone you are supposed to know. The FTC has noted that scams involving text messages are on the rise. These fraudsters want you to panic and act irrationally in response to these communications.

Per the FTC, the following are some of the top imposter scams of 2023:

• Copycat account security alerts: An individual receives a text message from a company like Amazon or a bank reporting suspicious activity or unauthorized charges on his or her account. These messages frequently include an additional step, like responding “yes” or “no” to a prompt, or an offer to provide further assistance with the alleged issue. The goal of these messages is to engage in communication that will convince the person to share personal identifiable information.
• Sweepstakes scams:  A scammer convinces someone that they’ve won a prize or a contest and subsequently tricks that person into providing personal identifiable information or paying money to get access to the prize.
• Subscription renewal scams: Phishing emails or text messages attempt to trick people into paying to renew a subscription to a known business. These messages often look legitimate, including company logos and fake invoices; the FTC has seen many instances of this fraud scheme involving a subscription renewal for the Geek Squad.
• Package delivery scams: Fabricated messages about package deliveries from UPS, the Postal Service, FedEx or Amazon indicate that there’s an issue with a package delivery. The message includes a link to a website that typically requests credit card information to process a redelivery fee or update payment information.

Additionally, criminals are using artificial intelligence (AI) to create deepfake videos or phone calls utilizing voice cloning, which has made imposter frauds even more convincing. These methods are typically utilized in a family member scam, where fraudsters will use technology to mimic the voice of a family member to make it sound as if this person is in danger and needs financial assistance. Last year, scammers demanded a $1 million ransom from a mother in Arizona by using AI to clone her daughter’s voice to claim that she had been kidnapped. These scams typically target elderly family members who may be less technologically savvy; however, voice cloning has the potential to fool even the most diligent skeptic.

Action Steps

In 2023, consumers lost $10 billion to fraud, and imposter scams were the most prevalent kind of fraud reported to the FTC. The following are measures CPAs can take to recognize imposter scams and protect their clients:

• Remain educated and communicate.  CPAs need to stay informed about imposter scams and changing technology to be able to identify red flags and tactics used by fraudsters, and they need to communicate this information to clients on a regular basis. Consider creating a newsletter or an awareness campaign regarding new and developing fraud schemes.
• Instill clients with best practices. This could include monitoring bank account statements on a regular basis, avoiding communicating with unexpected text messages from unknown numbers and remaining skeptical and calm in response to unsolicited messages.
• Do an internal controls review.  Review your clients’ internal controls to identify any areas of weakness, especially around data security.

It is important to stay diligent and educated to protect yourself from imposter scams. Remain skeptical and perform your own due diligence in response to suspicious communications. Should you become a victim of a fraud scam, report it to the FTC or the FBI’s internet crime complaint center.