
Angler Phishing: The Newest Lure


Social networking has taken over our everyday life. Whether you’re sharing your morning latte on Instagram or asking Facebook friends for a book recommendation, social media is at the heart of it all. And don’t get me wrong. Social media is a great tool to stay in touch with family or reconnect with old friends, but where there is excitement there will always be someone looking to exploit it. Case in point, cybercriminals.

Nowadays you won’t see many businesses without a social media presence. Companies take advantage of these outlets to provide exclusive deals, promote discussion, and answer customers’ questions in a quick and personable manner. Seems innocent, right? Unfortunately, cybercriminals have also noticed this trend of real-time customer service and are now using it to trick customers into releasing their private information. This bait-and-switch tactic is known as Angler Phishing, and it is the latest trend amongst criminals operating on social media platforms.

So what is Angler Phishing?

This scam is named after the ugly and scary deep-sea anglerfish, best known for using a glowing lure to attract its prey. Criminals create fake brand support pages and use them as glowing lures of customer support to redirect visitors to phishing websites. They impersonate the social media teams of the targeted businesses to gain the trust of clients, who in turn feel safe and willing to share sensitive personal data because they believe they’re communicating with genuine staff.
Angler phishing is mostly found on Twitter but is now also turning up on other platforms, such as Facebook and Instagram, where brands use social media to engage with consumers.

How To Stay Safe

While it may be difficult to spot the differences between genuine and fake social media platforms, there are ways to stay safe from these attacks.
1.    Never log in to an account if the link is provided to you through email or social media.
2.    If you are unsure about a link in a social media post, do NOT copy and paste the link into your web browser. You could still end up on the malicious site and potentially load malware on your computer or network.
3.    Typing the address of a website directly into your web browser will ensure that you are going to the legitimate site and not a phishing site that was designed to mimic the real thing.
4.    Technology-based security measures such as firewalls, encryption, anti-virus, spam filters, and strong authentication will NOT prevent social engineering fraud.
5.    Know the social media account handle for the company you are dealing with. Make sure you communicate only with the legitimate account.
6.    Look for misspelled Twitter handles, email addresses, etc.
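
Items 5 and 6 can also be checked mechanically, for example by a brand's own social media or security team reviewing accounts that reply to its customers. The sketch below is an added example, not part of the original article: the official handles, the sample handles, the substitution table and the distance threshold are all constructed assumptions.

```python
# Added example: all handles below are constructed placeholders.
OFFICIAL_HANDLES = {"examplebank", "examplebankhelp"}  # hypothetical brand accounts

# Characters commonly swapped in to imitate another; "_" is dropped entirely.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "_": None})


def skeleton(handle):
    """Reduce a handle to a form in which common look-alike tricks disappear."""
    h = handle.lstrip("@").replace("I", "l").lower()  # capital I imitates lower-case l
    return h.translate(CONFUSABLES).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(handle, official=OFFICIAL_HANDLES, max_distance=2):
    """Return (verdict, official handle it matches or imitates)."""
    plain = handle.lstrip("@").lower()
    if plain in official:
        return "official", plain
    s = skeleton(handle)
    # Try the closest official handle first so the best match is reported.
    scored = sorted((edit_distance(s, skeleton(r)), r) for r in official)
    for dist, real in scored:
        # Near-identical spelling, or the brand name embedded in a longer handle.
        if dist <= max_distance or skeleton(real) in s:
            return "lookalike", real
    return "unrelated", None


if __name__ == "__main__":
    for h in ["@ExampleBankHelp", "@Examp1eBankHelp", "@exampIebank",
              "@ExampleBank_Care", "@CityLibrary"]:
        print(h, classify(h))
```

A threshold of 2 suits handles of this length; very short brand names need a tighter one to avoid flagging unrelated accounts.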