Angler Phishing Attacks on the Rise

Date: 04/30/2018

Ransomware, spearphishing, trustjacking, cryptojacking… every time you turn on the news, it seems like there’s a new form of cyber attack with a strange new name to go with it.

However, understanding what the term means and how it can impact you is important. Knowing what kind of threats you may encounter will help you to take as many preventive steps as possible.

Only a couple of years ago, security researchers at Proofpoint designated a new form of attack called “angler phishing” that could potentially affect anyone. Named for the far-from-adorable anglerfish that attracts its prey with a lure that grows from its head (remember Finding Nemo?), an angler phishing attack occurs via social media when scammers spoof a well-known company’s customer service account. They lure in unsuspecting victims by pretending to be helpful, supportive agents of the company.

It might not sound like the most effective way to trick someone into handing over access to their personal data, money or computer, but the most recent report shows that this type of tactic is responsible for about 55 percent of the social media spoofing attacks.

These attacks are actually very simple. Scammers create a fake account on a site like Twitter with a handle such as @AmazonHelp$, which imitates the genuine customer service account. They wait for a Twitter user to send out a seemingly harmless but obviously irritated message, such as, “Ugh! Can’t believe Amazon still hasn’t delivered my package!” The scam account is set up to automatically respond to any message with “Amazon” in it.

The fake account responds with something professional-sounding, like, “Sorry to hear about your package. Click the link below to talk to an agent.” The problem is the link actually installs a virus on the user’s computer.

If your tech skills are strong enough, you can spot a faked customer service account. Depending on the platform you’re using, you can look back at the account’s posts and see a pattern. A strange number of posts would also be an indication that this may not be a real account. The most important thing you can do to protect yourself is to avoid the temptation to click a link. Sure, it might be a convenient way to resolve an issue, but it’s just as likely to be a scam attempt.

To be certain that you’re only dealing with legitimate company resources, go directly to the business’s website and locate the customer service center. You can avoid copycats and scammers by only communicating with the actual site.


Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.
