Quick overview

Impersonation is scary - but a steady, documented response makes it manageable. The goal is threefold: stop the impersonator, protect your contacts, and restore trust. This guide gives a short, prioritized playbook you can use right away and a printable checklist to keep handy.

Step 1 - First 10 Minutes: Immediate Triage

  • Don't engage: Don't message the impersonator or jump into a public argument - it can escalate attention and make things worse.
  • Document everything: Screenshot the impersonating profile, profile URL, public posts/messages, and any DMs. Note timestamps and the platform.
  • Preserve evidence: Save screenshots to a secure folder (cloud + local) and copy URLs. This helps platforms and - if needed - law enforcement.
  • Alert close contacts privately: Tell close friends and colleagues you're being impersonated and ask them not to share the fake account. This reduces spread before the account is removed.

Step 2 - Report to the Platform (next 30–60 minutes)

  1. Use platform-native reporting flows. Most social networks have "report impersonation" routes in security or help centers. Provide the screenshot + URL + a brief explanation.
  2. If the impersonator uses your photo or trademarked material, include proof of identity if the platform requests it.
  3. If the impersonator is scamming your contacts, flag it as fraud/scam in addition to impersonation - this can accelerate removal and trigger warnings to other users.

Tip: Keep a short log of when you reported and any reference numbers the platform gives you. You'll need these for escalation.

Step 3 - Protect Your Accounts & Contacts (hours 1–4)

  • Secure recovery channels: Change passwords for your primary email and other high-value accounts from a safe device. Enable authenticator app 2FA. If you see any signs the real account was touched, follow our Suspicious Login 10-minute playbook.
  • Check sent messages & account settings: Ensure the real account hasn't been taken over and that forwarding rules haven't been added.
  • Notify contacts & customers with a short, calm message: you're being impersonated; don't click links from the fake account; report anything suspicious.

Step 4 - Escalate If Needed (24–72 hours)

  • Business or high-risk impersonation: Contact the platform's trust & safety team and request escalation. Provide your full documentation and any prior report reference numbers.
  • If harm is happening (fraud, theft, threats): File a police report and pass that reference number to the platform. For a broader incident playbook, see our Incident Detection & Response guide.
  • Work with legal or PR if public/noisy: Coordinate a short public statement. Keep it calm and factual - don't amplify the fake account.

Step 5 - Recover & Prevent (days → ongoing)

  • If impersonation used stolen content: request takedowns and rotate credentials if any were exposed.
  • Strengthen identity hygiene: use masked emails for public contact points, a virtual phone for non-critical signups, virtual cards for public payments, and run a Risk Checkup to find exposed or reused credentials. For the full identity toolkit, see our Digital Identity Hygiene guide.
  • Teach your community: share a brief post describing what happened and what to watch for - without amplifying the fake account.

Prevention Checklist - Stop It Before It Starts

  • Use distinct contact channels - masked emails and a virtual phone for public-facing profiles so your real contact details aren't harvestable.
  • Keep high-value accounts secured with authenticator-based 2FA and unique passwords.
  • Run occasional searches for your name/handles and set Google Alerts so impersonation gets noticed early. For the full social profile audit routine, see our Social Footprint guide.
  • Use Site Scanner before linking to external sites and run a periodic Risk Checkup. For the link-scanning habit, see our Scan Before You Click guide.

Impersonation Response Checklist

IMMEDIATE (0–10 MINUTES)

  • Don't engage the impersonator.
  • Screenshot profile, posts, messages - save URLs and timestamps.
  • Save evidence to cloud + local folder.
  • Tell close contacts privately (don't amplify).

REPORT (10–60 MINUTES)

  • Report impersonation via platform's official flow (attach screenshots + URL).
  • Flag as fraud/scam if they are scamming contacts.
  • Save platform report ID / reference number.

PROTECT (1–4 HOURS)

  • Change primary email password from a safe device; enable authenticator 2FA.
  • Review account sessions & revoke unknown sessions.
  • Notify customers/contacts with a calm, factual message.

ESCALATE (24–72 HOURS)

  • Contact platform's trust & safety team if public/urgent.
  • File a police report if financial theft, threats, or identity theft occurred.
  • Share police report number with platform for escalation.

RECOVER & PREVENT (DAYS → ONGOING)

  • Run Risk Checkup to find exposed credentials → fix top items.
  • Move public contact points to masked email / virtual phone.
  • Use virtual cards for any public payments tied to your profile.
  • Set up monitoring (Google Alerts) & periodic manual checks.
  • Communicate a short public note once resolved (facts only).

Impersonation is fixable if you act deliberately. Document, report, secure, and reach out to your network. The five steps above give you a clear sequence - no panic required.
