Impersonation Attacks
October 27, 2022
Attention all SCORE Volunteers: We're alerting you to impersonation and phishing attacks on SCORE volunteers reported recently. This information is for your awareness and to prevent damage in case of future attacks.
What is an Impersonation Attack?

An impersonation attack is a form of fraud in which attackers pose as a known or trusted person to dupe a volunteer into transferring money to a fraudulent account, sharing sensitive information (such as intellectual property, financial data or payroll information), or revealing login credentials that attackers can use to hack into SCORE's computer network. CEO fraud and business email compromise are specific forms of impersonation attacks where malicious individuals pose as high-level executives within SCORE.

These attacks require vigilance on the part of employees and volunteers they are designed to take advantage of human error.
How to identify an impersonation email or message

  • Urgent, short notice requests that involve the transfer money or sensitive information such as bank account information or login credentials.
  • Purchase requests to be completed on behalf of the CEO, often gift cards.
  • Abruptly requesting changes to direct deposit information.
  • Using language that induces urgency and a sense of fear.
Image Examples of Impersonation Attacks
SMS Message:
Hello John,
Are you Available?

Please text me back as soon as possible. Hope to hear from you soon.

Thanks,
Bridget Weston
Chief Executive Officer
Text Message:
Hey Bobby, let me know if you got my text. Rick Peluso

God to hear from you, Bobby. I'm on a conference call meeting right now. And I need you to complete an urgent for me.

I need to provide a client with a gift card. Can you kindly confirm if you can get that done right now?
Email Message: Hi, Hope all's well. Just touching base for a quick task. Kindly get back to me with your Phone number to text you on.

Many thanks!

Bridget Weston
Chief Executive Officer
SCORE Mentors
How to report these attacks?

When employees and volunteers suspect they have been targeted or have been involved in an impersonation attack, they should immediately report the incident by forwarding the email to IThelpdesk@score.org and if its in the form of cell phone message please attach a screenshot.
Important:

Please be advised that a SCORE executive will never message or email you directly for any favors, gift cards or credit card information.
Funded in part through a Cooperative Agreement with the U.S. Small Business Administration. All opinions, conclusions, and/or recommendations expressed herein are those of the author(s) and do not necessarily reflect the views of the SBA.
Copyright © 2022. All Rights Reserved.