Impersonation Protection Set Up


BlackCloak’s Impersonation Protection feature is an in-app integration that helps our members combat deepfake, or impersonation, scams. Impersonation Protection securely authenticates the communication you receive from other BlackCloak members with whom you share a connection to ensure maximum trust in remote communications.

Before starting the setup process, ensure your BlackCloak application is updated to version 2.52 or later. If you aren't sure if it is, reach out to the BlackCloak Team for confirmation. As a note, the BlackCloak Team is ready and willing to assist you in setting up your Impersonation Protection integration. If you’d prefer to have a Concierge Team Member assist you in setting up the integration, please reach out via ask@blackcloak.io or by phone at (833) 882-5625.

Follow these two easy steps to activate the Impersonation Protection feature: 

Step 1: Configure the correct permissions

  1. Open the BlackCloak App

  2. Tap the Menu (side navigation)

  3. Look for "Impersonation Protection"

    1. If missing: Stop and reach out to the BlackCloak Team for assistance

  4. Enable Biometrics (FaceID), Location, & Notifications within the settings of the iPhone

    1. Enabling these settings is essential for Impersonation Protection to function. FaceID proves it's you, Location verifies where you are, and Notifications allows you to receive the alert when someone requests to authenticate a communication. View tutorial here.

Step 2: Set up Impersonation Protection

  1. After granting the correct permissions, return to the BlackCloak application and select Impersonation Protection in the menu

  2. When prompted, select Allow or While Using the App for Location, Biometrics, and Notifications

Congratulations! Impersonation Protection has been configured and set up for your account.

When should I use Impersonation Protection?

Impersonation Protection’s purpose is to confirm the communication you receive from other BlackCloak members with whom you share a connection in a seamless and hyper-secure way. Here are a few guiding principles surrounding when to use Impersonation Protection:

  1. Initiate Impersonation Protection immediately if someone reaches out under the following conditions:

    1. Requests for wire transfers (even “legitimate” ones via coworkers), gift cards, or changing bank details

    2. Requests for passwords or 2FA codes

    3. Requests for confidential documents

    4. Urgent texts from unknown numbers or "out-of-band" emails

If you get a suspicious text, STOP. Do not reply. Switch to the BlackCloak app and initiate an Impersonation Protection request (“challenge”).

How to initiate a challenge

In the event you do receive suspicious communication, ask the other individual to confirm the communication you received. We call this confirmation a “challenge”.

To initiate a challenge:

  1. Open BlackCloak App > Impersonation Protection > Send Request

  2. Select Contact: Choose the family member/colleague who sent the message

  3. Under “Add Context”, enter a clear reason for initiating the challenge so that the other individual understands your reasoning. Provide as much detail as possible, such as the specific dollar amount asked for in the suspicious message, the bank name referred to, or the file name being requested.

    • ex: "Received text asking for a $50k wire to Chase Bank. Confirming it is you."

  4. Ensure Biometrics and Location are toggled ON

  5. Tap Send Request

To respond to a challenge:

  1. When you receive a “challenge”, or authentication request, from another party, you'll receive a push notification. Once you click on the notification, you'll be directed to the validation screen.

  2. If you sent the communication in question, tap Confirm. This communicates: "I see your concern, and I am affirming I sent the communication."

  3. Next, the phone scans your Face/Fingerprint and captures your general City/State for further validation.

  4. If all the verification points are legitimate, the person who sent you a challenge gets the "Confirmed" notification.

What if the verification is denied?

Here are a few reasons an Impersonation Protection request might be denied:

  1. Biometrics unconfirmed: The person holding the phone is not the owner.

  2. Request denied: The other person actively rejected the validation request, meaning they didn’t send the communication.

  3. "Never received it": The real user claims they never got the notification (meaning a hacker might have their SIM card/device).

  4. Expired Request: An expired request indicates a lack of response by the recipient. When a request expires, it can be a sign that the individual in question does not have access to their trusted devices. Depending on the situation, this could indicate a compromise and should be treated with caution. 

In the event that the Impersonation Protection challenge fails:

  • Stop: Do NOT take any action requested by the suspicious communication or attempt to contact the other person directly

  • Report: Notify the BlackCloak Security Team and your internal security team immediately

  • Assume compromise until proven secure: Treat the original communication channel as compromised until proven to be secure