New trend alert: angler phishing

Cyber criminals are very productive in developing and testing new techniques and tactics to maximise the success of their attacks. Statista has forecast that there will be around 2.22 billion social network users by the end of 2016, making social media platforms the go-to place for attackers to leave their bait.

How do they do it? Cyber criminals carefully select an account with lots of followers – the more the merrier. Then they hack the account or create a replica of it and begin their fraudulent activities, such as posting fake adverts infected with malware, or engaging in hate speech to discredit the legitimate owner of the account.

These fake accounts are where a new phishing attack is coming to life: angler phishing.

What is angler phishing?

According to Proofpoint, angler phishing takes its name from the anglerfish, which exploits its bioluminescent lure to attract and attack small prey: “In this case, the glowing lure is a fake customer support account that promises to help your customers but secretly steals their credentials instead.”

How does it work?

Criminals create a fake customer support account for a famous brand – an internet provider, for instance – and wait until a user looks for support. They usually monitor help requests raised on evenings or weekends, when the legitimate owner of the account is less likely to respond. Once the prey is found, the attacker replies using the fake account and offers a prompt solution that diverts the customer away from the legitimate site to a replica website or login page. The user then enters their login details without suspecting they are being stolen.
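
The signals in this scenario (a support handle that imitates the real one, a link that leaves the brand's domain, a reply sent out of hours) can be checked automatically by a brand's social media or security team. The sketch below is an added example, not part of the original article; the handle, domains, similarity threshold and support hours are assumptions, and the sample replies are constructed.

```python
import re
from datetime import datetime
from difflib import SequenceMatcher
from urllib.parse import urlparse

# Hypothetical brand configuration, constructed for this example.
OFFICIAL_HANDLES = {"examplenet_help"}
OFFICIAL_DOMAINS = {"examplenet.example"}
URL_RE = re.compile(r"https?://\S+")

def lookalike(handle, threshold=0.8):
    """True if the handle is not official but closely resembles one that is."""
    h = handle.lower().lstrip("@")
    if h in OFFICIAL_HANDLES:
        return False
    return any(SequenceMatcher(None, h, o).ratio() >= threshold
               for o in OFFICIAL_HANDLES)

def off_domain_links(text):
    """Links whose host is neither an official domain nor a subdomain of one."""
    hosts = [(u, (urlparse(u).hostname or "").lower()) for u in URL_RE.findall(text)]
    return [u for u, h in hosts
            if not any(h == d or h.endswith("." + d) for d in OFFICIAL_DOMAINS)]

def out_of_hours(ts):
    """Weekend, or outside an assumed 08:00-18:00 support window."""
    return ts.weekday() >= 5 or not 8 <= ts.hour < 18

def triage(reply):
    """Return the angler-phishing indicators found in one reply to a customer."""
    flags = []
    if lookalike(reply["handle"]):
        flags.append("lookalike_handle")
    if off_domain_links(reply["text"]):
        flags.append("off_domain_link")
    if flags and out_of_hours(reply["posted"]):
        flags.append("out_of_hours")
    return flags

# Constructed sample replies to a customer's public support request.
SAMPLES = [
    {"handle": "@ExampleNet_Help", "posted": datetime(2016, 7, 5, 11, 0),
     "text": "Sorry about that! Live status: https://status.examplenet.example/"},
    {"handle": "@ExampleNet_Helps", "posted": datetime(2016, 7, 9, 21, 30),
     "text": "We can fix it now, sign in at https://examplenet.example.login-support.example/account"},
]

for r in SAMPLES:
    print(r["handle"], triage(r))
```

The second sample shows why the domain check compares the end of the host name: the brand's name appears at the start of the link, but the registered domain belongs to someone else.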

Raise your phishing attack awareness

Being vigilant is vital if you don’t want to fall victim to phishing attacks. If you know how these attacks work and how to spot them, you can easily avoid the bait. To help you improve your knowledge of phishing and social engineering attacks, IT Governance has developed the Phishing Staff Awareness E-learning course. Accessible online, this course helps you to learn at your own pace wherever you are. You can repeat the course as many times as you like until you feel ready to take the multiple-choice exam to test your understanding of the topic.

Are you new to e-learning courses? To encourage your company to discover and benefit from our e-learning courses, we are offering a year’s subscription to a customised course for an introductory £0 per user, for as many users as you need. Let your manager know about this temporary offer soon, as it ends at midnight on Friday, 15 July.