Nowadays we all like to think we know how to stay safe online - avoid dodgy links, spot suspicious emails... but is social media safety front of mind? Maybe not, and as a result a new type of threat is on the rise - angler phishing. While this may seem like another lavish name for a scam, it’s becoming increasingly common and is a sophisticated form of deception targeting unsuspecting social media users.
Angler phishing is a type of phishing attack that uses fake profiles and customer support channels on social media to lure users. The term "angler" refers to the method cyber attackers use to "cast a line" and draw in potential victims, much like a fisherman trying to catch fish. Unlike traditional phishing attacks that typically involve deceptive emails, angler phishing thrives on social media platforms where users seek assistance or engage with brands.
Attackers create fake profiles that mimic legitimate companies, often using their logos and branding to appear credible. These accounts then engage with users who are frustrated or seeking help.
For example, if a user tweets about a problem with a company’s product, a fake support account may reply, offering assistance and asking for personal information to resolve the issue. This information could include usernames, passwords, or even financial details, all of which can be exploited.
Angler phishing can take various forms, including:
One notable example of angler phishing involves major airlines. Attackers create fake support accounts that mimic the airlines and respond to users seeking assistance with flight bookings. Many users unknowingly provide sensitive information, leading to compromised accounts and financial losses.
And more recently we’ve seen large-scale phishing attacks costing online shoppers millions of dollars. The phishing attack has been labelled "Phish 'n' Ships," and has targeted over 1,000 legitimate shopping websites to promote fake product listings, resulting in stolen payment information. The attacks have been ongoing since 2019, and have affected hundreds of thousands of online shoppers and generated tens of millions of dollars in stolen funds.
The scammers behind these attacks are employing advanced SEO tactics, including using search term data from major retailers, to ensure their fake listings appear at the top of search results. When shoppers click on infected listings, they are redirected to fake stores controlled by the attackers. These stores mimic legitimate shopping websites and can be difficult to spot.
Another common angler phishing scam has been seen on Instagram, with the rise of fake Instagram shop fronts.
Social media users in Ireland have been misled into purchasing discount clothing through advertisements on Facebook and Instagram, with many victims reporting they have lost money after buying items that were never delivered.
Despite complaints, affected users found it challenging to seek refunds due to the lack of support from social media platforms like Meta.
These types of incidents highlight the effectiveness of angler phishing and the importance of vigilance when interacting with brands on social media.
To protect yourself from angler phishing, it's essential to recognise the signs. Look out for:
Phishing attacks often thrive on social media, so it's vital to be vigilant. If you receive a message from a brand's support account, consider verifying the request through official channels before responding. Check the profile’s handle too, as fake accounts typically include spelling errors or minor differences such as added numbers or extra punctuation.
Consider utilising security tools that can help you identify and block phishing attempts. Additionally, educating yourself and your team about these threats can greatly reduce the risk of falling victim to angler phishing.
Angler phishing poses a significant threat to businesses. Here are key strategies to safeguard your organisation:
Conduct training sessions to raise awareness about angler phishing. Teach employees how to recognise suspicious messages and the tactics used by attackers.
Regularly monitor your official social media profiles for impersonation attempts. Use tools to track mentions of your brand and quickly address any fraudulent accounts.
Establish clear policies for social media use and communication. Ensure employees know not to engage with suspicious accounts and to report them immediately.
Encourage customers to use official channels for inquiries and support. Clearly communicate these channels on your social media pages to reduce confusion.
Instruct employees to verify any requests for sensitive information through separate, trusted channels. This helps prevent falling for phishing attempts.
Employ security tools that can help detect phishing attempts and report fraudulent activity. Many social media platforms offer built-in reporting features for suspicious accounts.
Maintain an active and engaging presence on social media. The more robust your official accounts are, the easier it is for customers to distinguish between real and fake.
If you identify angler phishing attempts, respond quickly. Notify your customers about the scam and provide guidance on how to avoid falling victim.
Keep up to date with the latest phishing techniques and tactics. Regularly review your cybersecurity strategies to adapt to evolving threats.
Encourage customers to verify the authenticity of communications. Foster a culture of open dialogue where they feel comfortable reporting any suspicious activity.
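The handle check and the impersonation monitoring described above can be partly automated. The following is an added example, not part of the original article: it compares account handles seen in brand mentions against a list of official handles and flags those that differ only by punctuation, digits or small misspellings. The handle `exampleair`, the sample mentions and the edit-distance threshold of 2 are constructed assumptions.

```python
import re

# Constructed sample data: a hypothetical brand's verified handle.
OFFICIAL_HANDLES = ("exampleair",)
# Digits commonly swapped in for letters: 0->o, 1->l, 3->e, 4->a, 5->s, 7->t.
DIGIT_LOOKALIKES = str.maketrans("013457", "oleast")

def _clean(handle):
    """Lowercase, drop the leading @ and separator punctuation."""
    return re.sub(r"[._-]", "", handle.lower().lstrip("@"))

def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(handle):
    """Return (verdict, matched_official_handle) for one account handle."""
    exact = handle.lower().lstrip("@")
    if exact in OFFICIAL_HANDLES:
        return ("official", exact)
    cleaned = _clean(handle)
    # Two readings of any digits: appended noise, or stand-ins for letters.
    variants = {re.sub(r"\d", "", cleaned), cleaned.translate(DIGIT_LOOKALIKES)}
    for official in OFFICIAL_HANDLES:
        target = _clean(official)
        if cleaned == target or target in variants:
            return ("lookalike: punctuation or digits", official)
        # Threshold of 2 is an assumption; very short handles need a lower one.
        if min(edit_distance(v, target) for v in variants) <= 2:
            return ("lookalike: misspelling", official)
    return ("unrelated", None)

def flag_impersonators(handles):
    """Return the handles that imitate an official account."""
    return [h for h in handles if classify(h)[0].startswith("lookalike")]

if __name__ == "__main__":
    # Constructed handles, as might be collected from replies to brand mentions.
    mentions = ["@ExampleAir", "@example_air1", "@examp1eair",
                "@exampelair", "@citybakery"]
    for h in mentions:
        print(h, classify(h))
```

Flagged handles are candidates for manual review and for the platform's built-in reporting feature, not confirmed fraud.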
Angler phishing is a cunning and evolving threat that exploits a person’s trust in social media interactions. By understanding what angler phishing is and recognising its tactics, you can better protect yourself, your business and your information. Stay vigilant, verify sources, and don’t hesitate to reach out to official channels for support.