What is Angler Phishing and how to avoid it
Every day, cybercriminals create new ways to carry out online frauds. This also goes for a new form of cyber fraud called Angler Phishing. This threat uses social media to attack its victims. Through deceptive messages posted in a fake social media account, the criminal collects confidential data. Be aware of how Angler Phishing works, how to detect it and how to protect yourself from the possible theft of your data and, perhaps, your money.
What is Angler Phishing?
Angler Phishing is the latest online scam trend that supplants the identity of the company’s customer service accounts in social media. The name Angler Phishing comes from a Finding Nemo movie character. In the film, a deep-water fish called Anglerfish uses a bright lure to attract its prey and devour them.
Basically, Angler Phishing does the same to its victims. Cybercriminals create false social media accounts of companies, especially banks, on Twitter, Facebook or Instagram.
When users look for support contacting companies through their social media accounts, they are captured by cyber criminals who supplant the company’s identity. The criminal convinces the client to follow specific steps to be redirected to phishing websites where the fraud happens.
In 2015, a study revealed that 19% of social media accounts of companies such as BMW, Amazon, Starbucks, Sony, and Samsung, among others, were false. Fraud Watch International
Do you know that...?
MasterDC cloud is protected on various levels. Firewall and anti-DDos shield is available for our customers and cloud infrastructure is backed up to another location. Moreover, our datacentres are monitored by experienced technical support 24/7.
How does Angler Phishing work?
Normally, the victims of Angler Phishing are unsatisfied costumers. The attack with Angler Phishing begins when a customer complains in social media about the services of a company or financial institution.
When the customer mentions the name of the targeted company on social media, the criminal receives a notification through an alert system.
Immediately, the pirate communicates with the client through a masked account which tries to mirror the company’s official customer service account on social networks.
The aggressor uses a comprehensive language with the client to catch him and convince him that his problem will be solved by clicking on a link to continue the process.
Phishing is the fastest growing fraud in social media. The number of fraudulent social media brand profiles increased 1100% from 2014 to 2016. Fraud Watch International
When the client clicks the link, he is directed to a site where he is invited to log in into his online banking, for example. If the client hasn’t noticed the scam yet and enters their confidential data, the cybercriminal will receive them. In other cases, if you click on the link, malware infects the client’s computer.
Normally, Phishing Angler is more active during weekends or days when criminals know that the company’s online customer service is poorly monitored or inactive.
How to avoid Angler Phishing
Security experts recommend some precautions to users to avoid Phishing Angler. Keep in mind the following security measures:
- Verify that the account of the company that is contacting you is real. Normally, users respond automatically to messages on social media without noticing the blue badge that certifies official accounts as happen on Twitter.
- Check the company’s record on social networks. Normally, official accounts have a long tail of publications that probe interaction with the clients. False accounts seem to have been created recently with some incoherent publications.
- If you have doubts about the identity of the company’s account, it is better to contact them directly through their website or by phone before putting you under risk.
- If you are a representative of the company and have noticed that an attacker is trying to steal your customers’ information, contact social media support to notify them of the scam.
- Publish an alarm on your social media account for your customers. Explain to them the details about the Phishing threat and offer them alternative channels to communicate with you.
- Periodically publish guidelines for your clients to let them know how your customer service works. Tell them that the company never ask to log in following a link on social networks.