Angler phishing is the practice of masquerading as a customer service account on social media, hoping to reach a disgruntled consumer.
About 55% of such attacks last year targeted customers of financial institutions, trying to lure victims into handing over access to their personal data or account credentials.
How Angler Phishing Works
Angler phishing typically plays out like this: an upset customer posts something on Facebook or Twitter like, “UGH! Can’t believe [name of bank] did it to me again! Didn’t post my direct deposit on time and now I’ve bounced three checks! #tiredofthis” This harmless social media post might help the customer vent a little, but it sets things in motion for an angler phishing attack.
With the name of the bank or its social media account handle included in the post, scammers are ready to strike. Many of them even have automatic alerts activated so they can be informed when someone posts about a specific company. They will then reach out to the victim using an account like [Name of Bank] Customer Support Team, hoping you don’t realize that it’s not a real account.
Their faux support is friendly, understanding and ever so cautious about sounding genuine. You’re almost immediately offered the option to click a link to be taken directly to an agent who is standing by to help you. Clicking the link, however, installs malware on your computer, takes you to a video streaming site, or leads to some other avenue that seeks to get money and information from you.
How To Avoid Becoming A Victim Of Angler Phishing
Social media posts can be a good way to reach out to a company, but be cautious to ensure you’re protecting yourself from fraudsters online:
- Before you respond to anyone on social media when you request help online, check the account that’s responding to ensure they’re verified. On Twitter, look for a blue verified badge (checkmark) to know it’s legit.
- Read the description on the Twitter or Facebook account and look for it to say it’s the “official account of” or the “official support account of” a business.
- You can also always take your customer service issues directly to the company’s website or call center for a resolution rather than risk falling into an angler phishing trap.
Step employees through new-school security awareness training to help them not fall for social engineering attacks like this.
Cross-posted with grateful acknowledgement.