Angler phishing definition
Angler phishing is a social engineering attack aimed at customers who publicly request assistance from an organization on social media. The scammer reaches out with a fake customer service profile and tricks the victim into revealing sensitive information while pretending to help.
Real angler phishing attack examples
- Telling customers to send money to a fraudulent account to pay for goods or services
- Tricking customers who have trouble with their account into revealing their login credentials
- Redirecting customers to a fake customer support website that will install malware on their device
Stopping an angler phishing attack
- Check if the profile is verified (if your social media platform verifies accounts, like Twitter does)
- Verify that the customer service profile is real — check its name and feed for odd signs
- Never reveal your full password — real staff will never ask for this information
- Don’t click shortened links unless you’re 100% sure they’re real
- If in doubt, end the conversation and contact the organization by phone or email