You wouldn’t put up a neon sign outside your home that says “rob this house” before you left for a week’s vacation. The last thing you want to do is give a crook a heads up. But that’s exactly what people unwittingly do when they post complaints about companies they do business within their social media accounts.
It’s called angler phishing, and according to Experian, “[it] is the practice of masquerading as a customer service account on social media, hoping to reach a disgruntled consumer. With the name of the company or its social media account handle included in the post, scammers are ready to strike. They will then reach out to the victim using an account like [Name of Company] Customer Support Team, hoping [they] don’t realize that it’s not a real account.”
This attack is named after the anglerfish, which uses a bioluminescent lure to entice and attack smaller prey. Angler phishing attacks are particularly effective at exploiting the human factor in one regard. A response from someone in customer support is exactly what the complainer is seeking. So, receiving such a response does not immediately throw up any red flags. And hackers know that.
If you do become a victim of an angler phishing attack, more than likely it came from someone posing as your bank. According to research, “About 55% of social media attacks that impersonated customer-support accounts—a trend known as ‘angler phishing’—targeted customers of financial services companies.”
The easiest way to avoid an angler phishing attack is to never post complaints in social media accounts. For some people, that’s probably easier said than done. Short of that, there are a lot of ways to protect yourself from angler phishing attacks which you can find here, here and here. But I prefer to keep things simple.
If you want to speak with someone in customer service, do it directly from their website. There’s no need to overthink things. That’s especially true when it comes to protecting yourself from all forms of phishing attacks, not just angler phishing.
To keep things simple and protect you and your company from phishing, check out Phish Protection for free for 30 days. It’s cloud-based email security with real-time link click protection. And with the excellent 24/7 customer service, you shouldn’t ever feel the need to complain on social media, which will keep you safe from angler phishing.