What's Angler Phishing?

Hi there!

I hope you’ve had a superb week!

In my last letter, we talked about a popular type of phishing called Whaling. If you missed that letter, click here to read up. As promised, this week I’ll be talking about Angler Phishing, the important things you need to know and how you can stay protected. Ready? Then let’s go!

Angler phishing is a new type of phishing attack that targets social media users. People disguise themselves as customer service agents on social media to reach disgruntled customers and obtain their personal information or account credentials. Angler phishing got its name from an aquatic creature, the Angler fish – a fish that hunts other fishes. It has a luminescent fin ray that lures prey in before devouring them. Angler phishing attackers use the same tactics to fish for their prey. They create false social media accounts of top companies, particularly financial institutions.

So how does it work? Fake accounts will answer people who are airing complaints on social media, usually via Facebook or Twitter or any of the popular platforms. These fake accounts disguise themselves under a handle that includes the name of the financial institution, hoping that the people who are upset won’t realize that they aren’t valid.

The fake account will attempt to offer the disgruntled person a link that they claim will take them directly to an agent ready to talk to them. Clicking that link, however, will either install malware onto their computer or lead them to another website that will try to get information and money from them. Here is a typical example of an Angler phishing attempt.

[Image: example of an Angler phishing attempt]

Now you see why it’s important to be watchful even on social media. Not to worry, here are some tips to help you avoid being a victim of an Angler phishing attack:



  • Always verify whom you are talking to on social – Before responding to anybody online, always verify whom you are talking to. Check if the account is verified, their number of users or followers, and confirm it’s a business account. Check the company’s website for links to their social media handles, and click them to make sure the account is the same as the one responding to you. If something seems fishy or off, then it most likely is.
  • Reach out directly if in doubt – If you have the slightest doubt about whom you are talking to, stop talking and contact the company via another means, such as phone or email. Don’t fall into the trap of not wanting to insult the person that contacted you. This is a natural reaction to somebody offering to help. But it’s also something that attackers rely on to get what they want.
  • Beware of shortened links – Scammers will often use shortened links that look like a random string of letters. If you’re unsure of the validity of any link online, the easiest solution is to not click it. You can check to see if a link is legit by hovering over it with your cursor.
  • Never send sensitive personal information – No company will ask you for sensitive personal information such as PINs or card digits. The people who perform these attacks will make it seem like you have no logical choice. But a professional will understand completely why you might refuse to do so.
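
For readers who monitor a brand's social mentions, the handle and link checks in the tips above can be automated. The sketch below is an added example, not part of the original letter: the brand, official handles, domain and sample replies are all constructed, and the shortener list is a small sample of well-known services.

```python
import re
from urllib.parse import urlparse

# Constructed sample data: a hypothetical brand, the handles it publishes on
# its own website, and its own web domain (all assumptions for illustration).
BRAND = "examplebank"
OFFICIAL_HANDLES = {"examplebank", "examplebank_help"}
OFFICIAL_DOMAIN = "examplebank.example"
# A few well-known link-shortening services (not an exhaustive list).
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "ow.ly", "is.gd"}

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def normalise(handle):
    """Lower-case a handle and drop the leading '@'."""
    return handle.strip().lstrip("@").lower()


def squash(handle):
    """Drop separators and digits so 'Example_Bank1' compares as 'examplebank'."""
    return re.sub(r"[^a-z]", "", normalise(handle))


def assess_reply(handle, text):
    """Return a list of warning flags for one reply to a customer complaint."""
    flags = []
    # The handle carries the brand name but is not one the company publishes.
    if normalise(handle) not in OFFICIAL_HANDLES and BRAND in squash(handle):
        flags.append("brand-name-in-unofficial-handle")
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if host in SHORTENERS:
            flags.append("shortened-link:" + host)
        # Only the official domain or its subdomains count as on-domain.
        elif host != OFFICIAL_DOMAIN and not host.endswith("." + OFFICIAL_DOMAIN):
            flags.append("off-domain-link:" + host)
    return flags


# Constructed replies, modelled on the pattern described in this letter.
SAMPLE_REPLIES = [
    ("@ExampleBank_Help", "Sorry about that. Visit https://www.examplebank.example/help"),
    ("@ExampleBank_Support1", "Chat with an agent now: https://bit.ly/xxxxxx"),
    ("@Example_Bank_Care", "Verify at http://examplebank.example.support-desk.example/login"),
]

if __name__ == "__main__":
    for handle, text in SAMPLE_REPLIES:
        print(handle, "->", assess_reply(handle, text) or "no flags")
```

A reply with no flags is not proof that the account is genuine; the official handle list still has to come from the company's own website.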

Note: Cybercriminals will always come up with new and innovative ways to get access to your personal data, and if you feel you might have fallen victim to an angler phishing attack on social, it is important to report it.

Side Gists

This week was our ED and founder’s birthday. We are super glad to have you as a visionary leader and we continue to wish you greatness in all your endeavours. Hip Hip Hurrah!






The ECSL open day was this week. 70 fellows in 14 peer learning groups had the opportunity to showcase their projects and demo sessions at the event. We appreciate the support of all partners involved in making it a successful turnout.




It is always fun writing to you and I look forward to doing it again. In my next letter, I will be talking about another type of phishing called “Smishing”. You do not want to miss it.

Till then, stay well and remain cyber safe!

Yours truly,

Bolatito
