However, as we know, hackers commonly look to exploit human behaviours, especially those that are vulnerable.
In this blog, we’ll outline what angler phishing is, how hackers can use it to prey on your customers, and of course, what to look out for so you can defend your organisation.
Angler phishing is essentially the act of pretending, on social media, to be a customer support agent for a particular organisation, in the hope of connecting with unhappy customers. The scammers promise support but, unsurprisingly, they are in fact looking to steal customer credentials instead.
It starts with a post on social media from a customer. Perhaps they didn’t get the answer they were looking for on your website, or maybe they needed to speak to someone but couldn’t get through. Either way, it’s usually something negative. This seemingly harmless social media post can then attract the wrong attention and start an angler phishing attack.
The more information in the social post the better… For a scammer that is.
With the name of the organisation or its social media handle in the Tweet, Facebook or Instagram post, scammers are ready to pounce. They’ll reach out to the victim using an account that looks like the actual organisation, hoping the victim doesn’t realise it’s not a real account.
Sourcing these posts is easy for an experienced hacker. Scammers will often look for any account that mentions the brand handle and they’ll even set up automatic alerts for mentions. A prompt response and the promise of help can often fool those who are unsuspecting. In the example above, a malicious link has been provided, and for some, this is clicked without a second thought.
In this example, once clicked, the link will lead the user to a replica of the organisation’s login portal. This is a premeditated attack where hackers have the tools and systems in place to steal all of the required details and online credentials. This can be anything from a username and password to PIN numbers and the answers to security questions.
Angler phishing attacks can cause havoc for customer service teams on social media, especially those that operate in the finance and banking sectors. But for any organisation that operates online, there are easily actionable ways to prevent your customers falling victim:
Find out which social media channels your organisation uses and which accounts you have access to, and identify the key individuals that manage them. Make sure your team are aware of the vulnerabilities out there and have received the appropriate training.
Make sure your customers are aware of your policies and publish your guidelines publicly. For example, if you don’t ask your customers for personal details or send them links on social media, tell them this regularly.
Make sure you monitor social media for fraudulent brand accounts, ensuring you report any questionable activity to the social media platform.
To ensure your own accounts are not vulnerable to a hack, use strong passwords that are changed every few months. It’s also important to add two-factor authentication whenever possible.
If possible, verify your account to ensure authenticity.
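One way to act on the advice above to monitor for fraudulent brand accounts, as an added example that is not part of the original post: a Python check that flags handles resembling your brand even when they add support-style words or swap look-alike characters. The brand name `examplebank`, the official-handle set and the sample handles are constructed assumptions; in practice the handles would come from your own brand-mention monitoring.

```python
import unicodedata
from difflib import SequenceMatcher

# Assumed values for illustration; replace with your organisation's real handles.
OFFICIAL_HANDLES = {"examplebank", "examplebank_help"}
SUPPORT_WORDS = ("support", "help", "care", "service", "team", "official", "desk")
# Fold digit look-alikes to letters and drop separators.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                            "_": "", ".": "", "-": ""})

def normalise(handle: str) -> str:
    """Fold case, accents and look-alike characters, then strip support-style words."""
    text = unicodedata.normalize("NFKD", handle.lstrip("@").lower())
    text = "".join(c for c in text if not unicodedata.combining(c))
    text = text.translate(LOOKALIKES)
    for word in SUPPORT_WORDS:
        text = text.replace(word, "")
    return text

def score_handle(candidate: str, brand: str = "examplebank") -> float:
    """Similarity (0..1) between the normalised candidate and the brand name."""
    return SequenceMatcher(None, normalise(candidate), normalise(brand)).ratio()

def flag_impersonators(handles, brand="examplebank", threshold=0.85):
    """Return non-official handles that resemble the brand, most similar first."""
    hits = []
    for handle in handles:
        if handle.lstrip("@").lower() in OFFICIAL_HANDLES:
            continue  # one of our own accounts
        score = score_handle(handle, brand)
        if score >= threshold:
            hits.append((handle, round(score, 2)))
    return sorted(hits, key=lambda hit: -hit[1])

# Constructed sample handles, not real accounts.
SAMPLE_HANDLES = ["@examplebank", "@ExampleBank_Support", "@examp1ebank_help",
                  "@examplebannk", "@coffee_lover92"]

if __name__ == "__main__":
    for handle, score in flag_impersonators(SAMPLE_HANDLES):
        print(f"review and report if fraudulent: {handle} (similarity {score})")
```

Flagged handles are candidates for manual review and reporting to the platform, not confirmed impersonators; tune the threshold and word list to your own brand.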
It only takes one click to infect your systems and users. That’s why it’s important to train your staff and help them protect your data. Whether it’s via an email, on social media, or a text message, our phishing simulation courses will help you educate