Beware of angler phishing

Have you ever heard of angler phishing – a new type of phishing attack that targets social media users? Although it emerged in 2015, it is still pretty much unknown – and, because of that, more dangerous.

The anatomy of the angler phishing scam

Nowadays, consumers often seek help and advice from companies’ social media profiles because their complaints and questions will get a prompt reply. Knowing this, cyber criminals create fake social media profiles that closely resemble brands’ actual support accounts, using the same logo, look and feel, and an account name or handle that mimics a legitimate one.

As soon as a user leaves a comment or tweet, or tags the company’s actual social media account, criminals intercept the communication and reply, diverting the victim to a phishing site where they are invited to log in. When they try to do so, users inadvertently hand their sensitive data to the criminal.

Boom of angler phishing attacks

According to Proofpoint’s 2017 report The Human Factor, there were 2-3 attempted angler phishing attacks per month in late 2015 and fraudulent profiles mostly impersonated those of major banks. Last year, the frequency increased to 2-3 attempts per day and the target expanded to other well-known companies in other industries.

Recognise its lure

Many social media users know very little of angler phishing and are at risk of identity fraud. However, identifying such attacks is easy enough if you know what you are looking for. If you’re not confident about your ability to spot fake social media accounts, this 30-minute long e-learning course will teach you the tips and tricks you need to spot the bait. Recommend it to your colleagues!