In the vast ocean of the internet, various forms of phishing lurk beneath the surface, ready to ensnare unsuspecting users. One lesser-known form of phishing is ‘Angler Phishing.’  

What is Angler Phishing?

Angler Phishing is a form of phishing in which a cyber criminal poses as a customer service representative on social media platforms. It’s named after the anglerfish, which uses a glowing lure to attract its prey. These cyber criminals use the promise of a quick and convenient customer support resolution to deceive their victims. They typically create fake social media accounts that closely resemble those of legitimate businesses, then respond to customers who are seeking assistance, leading them to believe they are interacting with the actual company.

Examples of Angler Phishing

A classic example of Angler Phishing might involve a customer tweeting at their bank about a problem with their account. A scammer, monitoring social media for such opportunities, could respond from a fake account that looks remarkably like the bank's official account. They might ask the customer to confirm their account details or password, thereby gaining access to sensitive information.  

You might remember a series of memes that were popular a few years ago, where comedians would spoof customer service accounts and troll customers having issues. Scammers do the same thing.

How is Angler Phishing Different from Regular Spear Phishing?

While traditional phishing often involves sending mass or ‘spear’ emails in the hope that someone will click on a malicious link, Angler Phishing is more targeted and sophisticated. It exploits the trust between businesses and their customers on social media platforms. The attackers are proactive, seeking out potential victims, and their impersonation of legitimate customer service can make their deception harder to spot.

Protecting Yourself from Angler Phishing

To guard against Angler Phishing, always verify the identity of customer service accounts before interacting with them, or better yet, always contact customer service directly when an issue arises with a service you use. If you have no option other than to call out on social media, check the contact details on the main page, the age of the profile, the number of followers and their interactions. You can no longer trust a blue tick, so the due diligence of verification is now your responsibility.
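The checks above can also be written as a short script, for instance for a support or brand-protection team triaging accounts that reply to customers. This is an added example, not part of the original article; the profile fields, affix list, thresholds and the ExampleBank data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from difflib import SequenceMatcher

# Look-alike character swaps and support-style affixes (illustrative, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "_": None, ".": None})
AFFIXES = ("support", "help", "care", "service", "team", "official")

@dataclass
class Profile:
    handle: str
    created: date
    followers: int
    linked_site: str  # domain shown in the profile's contact details

def core(handle: str) -> str:
    """Lowercase, undo look-alike swaps, drop support-style affixes."""
    h = handle.lower().lstrip("@").translate(SWAPS)
    for affix in AFFIXES:
        h = h.replace(affix, "")
    return h

def warning_signs(p, official_handle, official_site, today,
                  min_age_days=180, min_followers=1000):
    """Reasons not to trust an account that replies as customer service."""
    if p.handle.lower().lstrip("@") == official_handle.lower().lstrip("@"):
        return []  # exact match with the handle published on the company's site
    signs = ["handle differs from the one published on the official website"]
    sim = SequenceMatcher(None, core(p.handle), core(official_handle)).ratio()
    if sim >= 0.8:
        signs.append(f"handle imitates the official one (similarity {sim:.2f})")
    if (today - p.created).days < min_age_days:
        signs.append("profile was created recently")
    if p.followers < min_followers:
        signs.append("few followers")
    if p.linked_site.lower() != official_site.lower():
        signs.append("contact details point away from the official site")
    return signs

# Constructed sample: a look-alike account replying to a customer's complaint.
FAKE = Profile("@Examp1eBank_Help", date(2024, 5, 1), 42, "examplebank-help.example")

if __name__ == "__main__":
    for sign in warning_signs(FAKE, "@ExampleBank", "examplebank.example",
                              date(2024, 5, 20)):
        print("-", sign)
```

The only account that passes is the one whose handle exactly matches what the company publishes on its own website; everything else is reported with the reasons for distrust.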

Never share sensitive information like passwords, login details or credit card numbers over social media. It really is best to contact the company directly through their official website, customer service phone number or app. Remember, vigilance is your best defence in the digital seas teeming with phishing threats.
