What To Do If Someone Is Pretending To Be You Online

Before you do anything: don't panic and don't engage

Discovering an impersonator feels like an emergency. Treated as one, you make mistakes — DMing the fake account, posting an angry thread that doubles its reach, threatening litigation publicly. The first hour is for evidence and structured reporting, not confrontation. Every major platform has a built-in process. Use it.

Step 1 — Confirm the impersonation

Before you file a single report, verify that this is actually impersonation and not a fan account, a parody, or a similarly named legitimate user. Three checks:

• Run the handle through a scanner. Paste the profile URL into the GACS social scanner. You will get back a verdict, the matching impersonator signals, and (if the account is part of a known cluster) links to the related fakes. This becomes evidence later.
• Check who follows it. If the fake's followers are your real followers — fans, family, clients — the intent is to deceive them, not parody you. That's reportable impersonation. If the followers are random bot accounts, it may be an in-progress fake being seeded for a scam.
• Look for outbound activity. Open the fake's recent posts, comments, and (if visible) follows. If they are commenting on your posts, DMing your audience, or replying to people who tagged you, you have concrete harm to cite in the report.

Save the GACS scan result URL. Most platforms accept third-party verification links as supporting evidence during impersonation review.

Step 2 — Report the fake account

Every platform has a different path. Use the exact wording below — vague reports get auto-closed.

X (Twitter)

1. Open the fake profile.
2. Tap the ⋯ menu next to Follow.
3. Choose Report → It's pretending to be someone or sharing fake information → Impersonating me.
4. Upload a government ID when prompted. X requires it for impersonation claims as of 2024.
5. Add the GACS scan URL in the "additional context" field.

Instagram

1. Open the fake profile.
2. Tap ⋯ in the upper right.
3. Report → Report account → Pretending to be someone → Me.
4. Upload ID when prompted. Add a screenshot of the fake's bio next to yours.

TikTok

1. Open the fake profile.
2. Tap Share → Report.
3. Choose Impersonation → Me.
4. Submit the form. TikTok also accepts a separate web form at their Help Center which is processed faster.

Facebook

1. Open the fake profile or page.
2. Tap ⋯ → Find Support or Report Profile.
3. Choose Pretending to be someone → Me.
4. Facebook is the slowest of the four — file the report, then ask 5–10 of your real followers to independently report the same account. Volume reports are weighted.

YouTube

Use the dedicated impersonation web form (Privacy Complaint → Impersonation). The in-app report is for video content, not channel impersonation, and tends to be rejected.

Telegram, WhatsApp, Discord

Email the abuse address with subject "Impersonation report — [your handle]". Attach screenshots and the GACS scan link. These platforms move faster on emailed reports than on in-app ones.

Step 3 — Notify your followers

While the report is pending — usually 24 to 72 hours on the big platforms — the fake is still active and still DMing your audience. Get ahead of it.

Pinned post template (X / Instagram / Facebook)

Heads up: there is a fake account pretending to be me — @[fake_handle]. I will never DM you about investments, recovery services, giveaways, or wallet verification. My only handles are [list your real handles]. You can verify any account claiming to be me at gacs.app/badge/[your_handle]. Please report the fake and warn your friends.

Story / Reel script (TikTok / Instagram Stories)

One 15-second clip, face on camera, three sentences: "Someone is impersonating me with the handle [fake]. I'm not running any giveaway or recovery service. Don't DM money to anyone claiming to be me — verify at gacs.app/badge/[your_handle]."

Email or newsletter (if you have a list)

One paragraph, same content as the pinned post. Newsletter readers are the most likely to send money because they trust you most — they need the warning first.

Step 4 — Document everything

Documentation matters for two reasons: platforms sometimes ask for additional evidence mid-review, and if the impersonation leads to financial loss to a follower, law enforcement will need a clean timeline.

• Screenshots with URL bar visible. A screenshot without the URL bar is easy to dispute. Take browser screenshots, not phone ones. Save the profile page, every visible post, and the follower/following count.
• Archive.org snapshots. Submit the fake profile URL to web.archive.org/save. This creates a timestamped third-party record that survives even if the platform takes the account down.
• DMs as PDFs. If anyone forwards you a scam DM from the fake, ask them to export the conversation as a PDF. WhatsApp, Instagram, and Telegram all support this natively.
• Incident log. Single file, plain text. One line per event: "2026-06-17 14:22 — follower [name] DM'd by @[fake] asking for 0.05 ETH to claim airdrop." This becomes the basis of any later report.
• Report receipt IDs. Every platform issues a case number when you file an impersonation report. Save it. You will need it if the report stalls.

Step 5 — Prevent future impersonation

Once the first fake is down, expect a second one within weeks. The same actor often respins with a slightly different handle. Hardening your perimeter is the only durable fix.

• Move 2FA to an authenticator app. SMS 2FA is bypassable through SIM swap, which is how many "real account" takeovers start. Use Aegis, Raivo, or 1Password's built-in authenticator.
• Claim your handle on every major platform. Even ones you don't use. Bluesky, Threads, Mastodon (pick an instance), Telegram, YouTube, Pinterest. Each unclaimed handle is a free starter kit for an impersonator.
• Run a GACS following scan weekly. The scanner surfaces new impersonators that have targeted you specifically — accounts that follow you and have started DMing your audience.
• Publish a GACS verified badge. Add the badge to your linktree, your bio, your email footer. When a follower asks "is this real?", you have a single link to point them to: gacs.app/badge/[your_handle].
• Standardize your contact rules in your bio. One sentence: "I will never DM about money. Verify at gacs.app/badge/[handle]." A scammer can copy your photo but they can't fake a third-party verification page.
• Audit your photo and voice exposure. If you post 60-second monologues to TikTok, you are training a free voice clone of yourself. Consider lowering the audio quality of clips, adding background music to short clips, and never posting clean voicemail-length samples.

If the impersonator has already scammed your followers

This is the worst case and unfortunately common. If money has moved:

• Direct the victim to file an official report — IC3 in the US, Action Fraud in the UK, CAFC in Canada.
• If crypto, capture the destination wallet address and submit it to the GACS blacklist plus chain-analytics providers (Chainalysis, TRM Labs offer victim-report forms).
• Issue a public, calm post acknowledging that a follower was hit and listing concrete steps to recover. Acknowledging is better than ignoring — the next victim is reading your timeline to decide whether to trust you.
• Do not recommend any "recovery service" — those are themselves the next wave of scams targeting your audience.

Bottom line

Impersonation is now a normal part of having an audience. The response is not panic; it is a 45-minute checklist: confirm, report, warn, document, harden. Do it in order, use the platform's built-in tools, and lean on a third-party verification page so that the next person who asks "is this really you?" has a single answer to point to.