An impersonation attack occurs when a malicious user impersonates a legitimate user in order to gain access to a secure computer system, or secure data, associated with the legitimate user.
For example, a malicious user may launch an impersonation attack by pretending to be a legitimate employee of a company in a chat conversation with an IT employee of the company through the company's website. If the IT employee is fooled into believing that the malicious user is actually the legitimate employee of the company, the IT employee may grant the malicious user access to IT systems of the company, such as company computers, company networks, company databases, and company communication systems. In this example, if the malicious user is able to gain access to IT systems of the company through an impersonation attack, the malicious user may then exploit this access to cause catastrophic damage to the company and its IT systems.
In another example, a malicious user may launch an impersonation attack by pretending to be a legitimate bank account holder in a chat conversation with a customer service employee of the bank through the bank's website. If the customer service employee is fooled into believing that the malicious user is actually the legitimate bank account holder, the bank employee may grant the malicious user access to non-public personal information of the legitimate bank account holder, such as the legitimate bank account holder's account number, transaction history, social security number, driver's license number, account username, account PIN, or account password. In this example, if the malicious user is able to gain access to the non-public personal information of the legitimate bank account holder through an impersonation attack, the malicious user may then exploit this access to cause catastrophic damage to the legitimate bank account holder and his bank account.
The subject matter claimed herein is not limited to embodiments that solve any disadvantages or that operate only in environments such as those described above. Rather, this background is only provided to illustrate one example technology area where some embodiments described herein may be practiced.