Angler phishing is a new type of phishing attack that targets social media users. Scammers pose as customer service agents on social media in order to reach disgruntled customers and obtain their personal information or account credentials.
Roughly 55% of these types of attacks were focused on financial institutions. With that in mind, we wanted to make sure our members were fully aware of the potential dangers of angler phishing and how best to avoid its lure.
How does angler phishing work?
Fake accounts reply to people who are airing complaints on social media, usually on Facebook or Twitter. These accounts use a handle that includes the name of the financial institution, hoping that upset customers won’t realize the account isn’t a legitimate one.
The fake account will attempt to offer the disgruntled person a link that they claim will take them directly to an agent ready to talk to them. Clicking that link, however, will either install malware onto their computer, or lead them to another website that will try to get information and money from them.
How to resist the lure
- Before responding to any customer service or support account, check to see if the account is verified. On Twitter, all verified accounts will have a small checkmark next to their account name.
- Beware of shortened links! Scammers will often use shortened links that look like a random string of letters. If you’re unsure of the validity of any link online, the easiest solution is to not click it. You can check to see if a link is legit by hovering over it with your cursor.
- You can also take your customer service issues directly to the company’s website or call center for a resolution, rather than risk falling into an angler phishing trap.
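The warning signs above (the institution's name in an unofficial handle, no verification, a shortened link) can also be checked mechanically by a team monitoring replies to its own posts. The following is an added example, not part of the original article; the institution name, handle allowlist, shortener list and sample replies are all constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Assumed values for illustration only; none come from the article.
BRAND_TOKENS = {"examplecu"}                        # hypothetical institution name
OFFICIAL_HANDLES = {"examplecu", "examplecu_help"}  # hypothetical allowlist
SHORTENER_HOSTS = {"bit.ly", "t.co", "tinyurl.com", "ow.ly", "is.gd"}

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
LOOKALIKES = str.maketrans("0135", "oles")  # digit-for-letter swaps

def normalize(handle):
    """Lowercase, drop separators, undo common digit swaps (1 -> l, 0 -> o)."""
    return re.sub(r"[^a-z0-9]", "", handle.lower()).translate(LOOKALIKES)

def impersonation_signals(reply):
    """Return the warning signs for one reply; empty list if it is not a suspect."""
    handle = reply["handle"].lstrip("@").lower()
    if handle in OFFICIAL_HANDLES:
        return []
    # Only accounts borrowing the institution's name are angler candidates.
    if not any(tok in normalize(handle) for tok in BRAND_TOKENS):
        return []
    reasons = ["brand-name-in-unofficial-handle"]
    if not reply["verified"]:
        reasons.append("unverified")
    hosts = {urlparse(u).hostname for u in URL_RE.findall(reply["text"])}
    if hosts & SHORTENER_HOSTS:
        reasons.append("shortened-link")
    return reasons

# Constructed sample replies to a customer's public complaint.
REPLIES = [
    {"handle": "@ExampleCU_Help", "verified": True,
     "text": "Sorry to hear that. Please call the number on your card."},
    {"handle": "@Examp1eCU_Support", "verified": False,
     "text": "Chat with an agent right now: https://bit.ly/xxxxxxx"},
    {"handle": "@jane_doe42", "verified": False,
     "text": "Same thing happened to me, see https://tinyurl.com/yyyyyy"},
]

if __name__ == "__main__":
    for r in REPLIES:
        print(r["handle"], impersonation_signals(r))
```

Only the second reply is flagged: the official handle is allowlisted, and an ordinary user who posts a shortened link is not treated as an impersonator.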
To learn more about staying safe when it comes to spam and other fraud, please visit our Security Center.