Impersonation scams: fake support, fake apps, fake updates

What impersonation actually is

Impersonation scams mimic legitimate actors: support teams, applications, software updates, or other trusted interfaces.

Their goal is simple: convince the user to authorise an action while believing it came from a trusted source. The blockchain does not know who sent the request. It only verifies signatures, and once an action is authorised, execution is valid, regardless of who requested it.

Fake support interactions

Fake support often appears when the user is already uncertain: a blocked transaction, a warning message, an unexpected prompt.

At that moment, an attacker can present themselves as help. The request may feel corrective: reconnect a wallet, confirm ownership, provide recovery information, follow a recovery step. It does not feel suspicious because it resembles something the user may have done before.

Many of these attacks overlap with Phishing: how to recognize and avoid it, where trust is exploited through messages, websites, or communications that appear legitimate.

The system cannot distinguish real assistance from impersonation. Authority is assumed by the user, not verified by the protocol.

Fake applications and interfaces

Impersonation also targets software directly:

• Fake wallet applications
• Cloned websites
• Lookalike browser extensions

From the user's perspective, everything may appear normal. The interface behaves as expected, but sensitive information can be collected in the background or signatures can be redirected without obvious warning signs.

In many cases, these attacks ultimately introduce the same risks discussed in Malware, keyloggers and clipboard hijacking.

Once control has been copied, the original user and the attacker become indistinguishable to the system.

Fake updates

Update prompts carry a particular kind of authority. They suggest maintenance, security, and routine software care, things most users rarely question.

Fake updates exploit that expectation. Installing them can introduce hostile code into an environment the user already trusts. The blockchain remains unaffected. The compromise happens earlier, before any transaction is signed.

These attacks are closely related to both Malware, keyloggers and clipboard hijacking and Securing your computer and phone for crypto use, because the device itself often becomes the target.

Why impersonation is effective

Impersonation reduces suspicion because the request does not feel out of place.

The user is not asked to do something obviously strange. They are asked to do something familiar, but in the wrong context. Trust is transferred from the legitimate actor to the impersonator. Once the user authorises the action, the system processes it normally because the deception occurred before the signature was created.

Developing the habits described in Using your wallet safely can help reduce the likelihood of trusting the wrong request simply because it looks familiar.