Authority Impersonation

Authority impersonation exploits a deep human heuristic: messages framed as coming from a trusted institution (CDC, FBI, a court, a bank, a university) are processed with lowered scrutiny and higher compliance. LLMs make this attack scale because they reproduce institutional register on demand — the headers, disclaimers, case-number formatting, citation style, and bureaucratic cadence that humans use as authenticity cues — without the cost, time, or insider knowledge that previously gated convincing forgeries. The core asymmetry is generation-versus-verification: a model produces a flawless-looking agency advisory in seconds, while a reader has no cheap way to confirm it did not originate from the named body.

• Provenance verification against canonical channels: Cross-check any "official" statement against the institution's verified domain, signed press feed, or registered social account before amplification
• Cryptographic signing gaps: Genuine high-stakes advisories increasingly carry DKIM/DMARC-aligned email or signed PDFs; absence of valid signatures on an "official" notice is a strong flag
• Stylometric anomaly checks: Compare register, boilerplate, and citation conventions against the institution's real historical corpus; LLM output often over-generalizes house style
• Claim grounding / fact-checking: Verify the asserted fact (a declaration, a ruling, a recall) against authoritative registries and newswires rather than the message itself

Authority impersonation is a force-multiplier for the rest of T8: it provides the credible "source" that synthetic evidence (T8-AT-002), false crisis bulletins (T8-AT-014), and election content (T8-AT-011) need to be believed. It pairs with T9 synthetic media to attach a spoofed spokesperson video or seal to the text, and with T15 human-workflow exploitation when the impersonated authority is used to pressure a help-desk or finance employee into an action.