Angler phishing

Angler phishing definition

Angler phishing is a social engineering attack aimed at customers who publicly request assistance from an organization on social media. The scammer reaches out with a fake customer service profile and tricks the victim into revealing sensitive information while pretending to help.

Real angler phishing attack examples

  • Telling customers to send money to a fraudulent account to pay for goods or services
  • Tricking customers who have trouble with their account into revealing their login credentials
  • Redirecting customers to a fake customer support website that will install malware on their device

Stopping an angler phishing attack

  • Check if the profile is verified (if your social media platform verifies accounts, like Twitter does)
  • Verify that the customer service profile is real — check its name and feed for odd signs
  • Never reveal your full password — real staff will never ask for this information
  • Don’t click shortened links unless you’re 100% sure they’re real
  • If in doubt, end the conversation and contact the organization by phone or email

