
Angler Phishing

What is angler phishing?

Angler phishing is a social-media-based phishing attack in which attackers pose as representatives of trusted brands, often as customer support profiles, and interact with potential victims on social media platforms. They trick users into revealing sensitive information, such as login credentials or financial details, or lure them into clicking malicious links that may lead to credential theft or malware infection.

How does angler phishing work?

  1. Monitoring social media: Attackers scan platforms like X, Facebook and Instagram for public posts in which users tag a brand with an unresolved complaint or question.
  2. Impersonation of support accounts: They create fake profiles that mimic the brand the victim tagged, so they can target users who have already expressed a concern and are expecting a reply.
  3. Luring the victim: Through their fake profiles, they pose as helpful customer support representatives from the brand and try to reach victims via DMs. By appearing helpful, they gain the victim’s trust. Under the pretense of providing immediate assistance, they may ask the victim to click on malicious links or provide login credentials.
  4. Credential harvesting or malware delivery: Unsuspecting victims end up revealing their login credentials through the link shared by the attackers or unintentionally downloading malware onto their system by clicking the malicious link.

Example: PayPal angler phishing attack

In early 2020, fraudulent Twitter accounts impersonating PayPal customer support (using handles like "AskPayPal_Tech") monitored the official @PayPal account for customer complaints. When users tweeted support requests, the fake accounts quickly responded claiming to provide help. The attackers used stolen PayPal branding and logos to create convincing fake profiles and landing pages. Victims clicking these links were directed to credential harvesting sites that perfectly replicated PayPal's login pages. This attack demonstrates how angler phishing exploits customer trust in social media support channels to steal financial credentials and gain unauthorized account access.

How to protect against angler phishing?

Angler phishing is a relatively new type of phishing attack that poses several risks to individuals and businesses. You can reduce the risk of these attacks by following the precautions and best practices below.

Enhance account protection

  • Implement multi-factor authentication (MFA):

    MFA adds an extra layer of security. Individuals should enable MFA on all sensitive accounts, and businesses should encourage customers to use it during sign-up and sign-in.

  • Use strong, unique passwords:

    A password is the first layer of defence against any cyber attack. Users should be encouraged to create a password that includes a combination of letters, numbers, and symbols, is of sufficient length, and is unique to each account so that one stolen credential cannot be reused elsewhere. Users should have their passwords updated at periodic intervals.

Stay alert to impersonation

  • Educate:

    Prevention is better than cure. Individuals should learn about phishing attacks, including how attackers impersonate brands, by reading official security guides, following trusted sources, and staying updated on current threats. Businesses should educate their customers about phishing attempts using the brand’s name and alert them when such attacks are occurring so they can recognize and avoid them.

  • Monitor social media platforms:

    Businesses should monitor social media for potential impersonation, such as fake profiles or domains mimicking their brand, and any customer-related conversations happening with these accounts. If such activity is detected, it should be promptly reported to the appropriate authorities, and actions should be taken to remove or block the fake profiles.

Engage only with verified accounts

If you receive a direct message from an unknown profile claiming to help you, do the following before responding:

  • Confirm the account is verified (e.g., blue tick on X).
  • Check account details such as creation date, follower count, and recent customer interactions.
  • Cross-check the handle on the brand’s official 'Contact Us' page to confirm authorized support accounts.
  • Only interact with the exact account you contacted. Ignore messages from unverified or unrelated profiles.
  • If you find the account to be suspicious, report it to the concerned authority/platform.
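The monitoring advice above and the verification checklist describe the same set of checks from two sides: a brand looking for profiles that mimic its support handles, and a user deciding whether a profile that messaged them is genuine. The following Python script is an added example, not code from the original page or from any brand or platform. It applies those checks as a simple heuristic: a profile is flagged when its handle or display name invokes the brand (exactly, or as a lookalike within a small edit distance once common "support"/"help"/"tech" affixes are stripped) but the handle is not on the brand's published support list, and each further weak signal (unverified, recently created, few followers) is recorded as a reason. The brand "ExampleBank", its official handle list, the thresholds, and the profile records are all constructed assumptions; a real deployment would load the handle list from the brand's own 'Contact Us' page and the profiles from the platform's API.

```python
# Added example (not from the original page): heuristic scanner for
# social-media profiles that may be impersonating a brand's support accounts.
# Everything named here ("ExampleBank", handles, thresholds, sample profiles)
# is a constructed assumption for illustration.
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import date

# Assumption: the brand publishes exactly these support handles on its
# 'Contact Us' page (stored already normalized: lower-case, no punctuation).
OFFICIAL_SUPPORT_HANDLES = {"examplebank", "askexamplebank"}

# Words impersonators commonly bolt onto a brand name; they are stripped
# before the lookalike comparison so "ExampIeBank_Help" is compared as
# "exampiebank" against the official handles.
SUPPORT_WORDS = ("support", "official", "help", "care", "tech", "team", "ask")

# Assumed thresholds for the "account details" checks in the list above.
MIN_ACCOUNT_AGE_DAYS = 90
MIN_FOLLOWERS = 500
MAX_EDIT_DISTANCE = 2


@dataclass(frozen=True)
class Profile:
    handle: str
    display_name: str
    verified: bool
    created: date
    followers: int


def normalize(text: str) -> str:
    """Lower-case and drop '@', underscores, dots and any other punctuation."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def strip_support_words(core: str) -> str:
    """Remove the affix words so only the (possibly misspelled) brand part remains."""
    for word in SUPPORT_WORDS:
        core = core.replace(word, "")
    return core


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance; handles are short, so the full table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_like_brand(profile: Profile) -> bool:
    """True if the handle or display name invokes the brand, exactly or as a lookalike."""
    handle = normalize(profile.handle)
    name = normalize(profile.display_name)
    if any(official in handle or official in name for official in OFFICIAL_SUPPORT_HANDLES):
        return True
    core = strip_support_words(handle)
    return any(levenshtein(core, official) <= MAX_EDIT_DISTANCE
               for official in OFFICIAL_SUPPORT_HANDLES)


def assess(profile: Profile, today: date) -> list[str]:
    """Return the reasons a profile should be treated as a suspected impersonation.

    An empty list means the account is either a known official handle or is
    unrelated to the brand; only brand-invoking, non-official handles are scored.
    """
    if normalize(profile.handle) in OFFICIAL_SUPPORT_HANDLES:
        return []
    if not looks_like_brand(profile):
        return []
    reasons = ["uses the brand name but is not on the official support-handle list"]
    if not profile.verified:
        reasons.append("account is not verified")
    if (today - profile.created).days < MIN_ACCOUNT_AGE_DAYS:
        reasons.append(f"account is younger than {MIN_ACCOUNT_AGE_DAYS} days")
    if profile.followers < MIN_FOLLOWERS:
        reasons.append(f"fewer than {MIN_FOLLOWERS} followers")
    return reasons


def scan(profiles: list[Profile], today: date) -> dict[str, list[str]]:
    """Map each flagged handle to its reasons; clean accounts are omitted."""
    flagged: dict[str, list[str]] = {}
    for profile in profiles:
        reasons = assess(profile, today)
        if reasons:
            flagged[profile.handle] = reasons
    return flagged


# Constructed sample profiles (no real accounts); the third one swaps 'l' for 'I'.
TODAY = date(2025, 6, 1)
SAMPLE_PROFILES = [
    Profile("@AskExampleBank", "ExampleBank", True, date(2012, 3, 1), 250_000),
    Profile("@AskExampleBank_Tech", "ExampleBank Support", False, date(2025, 5, 20), 37),
    Profile("@ExampIeBank_Help", "Examp1eBank Help", False, date(2024, 1, 10), 2_400),
    Profile("@coffee_lover_99", "Jane", False, date(2025, 5, 25), 12),
]

if __name__ == "__main__":
    for handle, reasons in scan(SAMPLE_PROFILES, TODAY).items():
        print(handle)
        for reason in reasons:
            print("  -", reason)
```

Run as-is, the script flags the two constructed impostors and stays silent on the official account and the unrelated user. The point of the design is that the brand-name test alone is not the verdict: an account that merely mentions the brand is common, so the script only escalates when the handle is absent from the published support list, and then lets the remaining signals (verification status, account age, follower count) accumulate as reasons rather than as a single score. Thresholds such as 90 days and 500 followers are placeholders to tune per platform.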