
What is Angler Phishing?

In our latest article on cybersecurity awareness, we talk about an increasingly common cyberthreat – Angler phishing. According to some estimates, around 95% of cybercriminals employ phishing techniques to trick consumers. This statistic is undeniably scary. However, with awareness and good security practices, you’ll be able to combat cyberattacks. What is Angler Phishing? How can you prevent falling prey to it? Read on.

What is Angler Phishing?

Angler phishing is a social engineering practice where the scammer poses as a customer service representative to trick a consumer. It aptly gets its name from a deepwater creature, the anglerfish, which lures its prey with a glowing whiplike rod to devour it. Rather than using spam emails, perpetrators of angler phishing attacks masquerade as a business's customer service account on social media to steal sensitive information from targets.

How does Angler Phishing work?

Usually, when a company gets mentioned by unsatisfied customers on social media, the designated employees respond and resolve the issue as soon as possible. During this interaction, the employee may ask for contact details, shipping address, etc., especially if it's an account-related issue. The customer would gladly give them the information to solve the problem as soon as possible. Angler phishing attackers take advantage of this situation. The scammers will create fake social media accounts for existing businesses, generally for organisations that rarely respond to customers. They will offer help and ask the target to click on a link they've sent. When the customer clicks the hyperlink, one of two things happens: either they'll receive a form to fill in their personal details, including financial information, or malware will download and infect their device. Once the attackers have the information they need, they will use it for malicious purposes, mainly identity fraud.

Why is Angler Phishing so effective?

Compared to traditional email scams, angler phishing is much more effective. This particular phishing technique succeeds because customers expect to be contacted by the company when they raise a complaint. Furthermore, the attackers know what their targets want. They will make their profiles appear as authentic as possible by using the official logos and even including fake account histories. Angler phishing has now become as common on social media as made-up job listings and romance scams.

How to avoid Angler Phishing?


The reason why angler phishing works so well is that people let their guard down on social media. Here are a few ways you can avoid falling prey to angler phishing schemes.

1. Verify the account

Before replying to anyone who reaches out to you, make sure the account is legitimate. On platforms like Twitter and Instagram, there are checkmarks next to the name to show that the accounts are verified. Go through the profile and check for spelling errors, follower count, creation date, and past interactions. Also, go to the official website of the business and ensure that the account is mentioned as a point of contact there as well.

2. Contact the company directly if you have doubts

If the customer service account that offered help sets off alarm bells for you, reach out to the company directly via phone or email. It is always better to be safe than sorry, so don't worry about offending the person who has contacted you. Since the service desk representatives are experienced, they'll understand why customers need complete assurance to continue interactions.

3. Don’t click on links

Never click on links sent by strangers, even if the senders are customer service representatives. If they ask for sensitive information like passwords, be assertive and say you are unwilling to provide it. Cybercriminals may make it sound like you have no other option but to do what they say. A professional, on the other hand, will understand your hesitance in giving out information. They will not push you to go through with it if you're uncomfortable.

4. Report fake accounts

If you are an employee who comes across a fake social media account of your business, report it to social media support immediately. After notifying the authorities, inform your customers, so they will not be victims of the scam. Also, regularly notify your clients about customer service guidelines, so even if they’re contacted by cybercriminals, they’ll easily recognise the fake accounts.
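
The account checks from step 1 (handle spelling, verification, creation date, follower count, listing on the official website), as an employee watching for fake accounts in step 4 might automate them. This is an added example, not code from the original article; the thresholds, word lists, character substitutions and the sample accounts for the made-up brand "AcmeBank" are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from difflib import SequenceMatcher

# Assumed, non-exhaustive: look-alike characters/separators and support-style affixes.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "_": "", ".": "", "-": ""})
AFFIXES = ("help", "support", "care", "service", "team", "official", "cs")

@dataclass
class Account:
    handle: str
    verified: bool          # platform checkmark
    created: date
    followers: int
    on_official_site: bool  # listed as a contact point on the company website

def normalise(handle: str) -> str:
    """Reduce a handle to its brand core so '@Acm3Bank_Support' compares as 'acmebank'."""
    h = handle.lstrip("@").lower().translate(LOOKALIKES)
    for affix in AFFIXES:
        if h.endswith(affix) and len(h) - len(affix) >= 3:
            h = h[: -len(affix)]
        elif h.startswith(affix) and len(h) - len(affix) >= 3:
            h = h[len(affix):]
    return h

def review(acct: Account, official: str, today: date) -> list[str]:
    """Return reasons to treat acct as a possible impersonator of the official handle."""
    similarity = SequenceMatcher(None, normalise(acct.handle), normalise(official)).ratio()
    # Listed accounts are trusted; below the assumed 0.8 cut-off the handle is unrelated.
    if acct.on_official_site or similarity < 0.8:
        return []
    reasons = [f"handle resembles {official} (similarity {similarity:.2f})"]
    if not acct.verified:
        reasons.append("no verification checkmark")
    if (today - acct.created).days < 90:   # assumed threshold
        reasons.append("account created in the last 90 days")
    if acct.followers < 1000:              # assumed threshold
        reasons.append("low follower count")
    return reasons

# Constructed sample data.
TODAY = date(2024, 6, 1)
FAKE = Account("@Acm3Bank_Support", False, date(2024, 5, 20), 42, False)
REAL = Account("@AcmeBank", True, date(2012, 3, 1), 50_000, True)
UNRELATED = Account("@GardenTips", False, date(2024, 5, 1), 10, False)

if __name__ == "__main__":
    for a in (FAKE, REAL, UNRELATED):
        print(a.handle, review(a, "@AcmeBank", TODAY))
```

An empty list means nothing to report; any non-empty result is a prompt for a human to look at the profile, not proof of fraud.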

Despite scams like angler phishing, social media channels are one of the most effective ways to contact a company. For the same reason, it would be impossible and illogical to stop using social media as a communication tool. Instead, you can learn about social media cybersecurity issues and be ready with the right measures if ever faced with a potential threat. To learn more about cybersecurity, contact us or email us at cybersecurity@computingaustralia.group. Computing Australia ensures quick and effective cybersecurity solutions to protect our clients from the latest threats.

Jargon Buster

Social engineering: Social engineering is defined as the emotional manipulation employed to force people into giving up sensitive information.

Phishing: It is a social engineering tactic in which the attacker sends fraudulent emails to trick the victim into giving personal information.

Malware: Any software designed with the intention of destroying or gaining unauthorised access to a computer, computer network or client is called malware.