Angler Phishing

1st May, 2020


Over the past few weeks, we’ve looked at various phishing methods that criminals use to infiltrate your systems. We are finishing off the Phishing Phriday’s series this week by taking a look at a relatively new phenomenon called Angler Phishing.

Angler Phishing uses both social engineering and our personal indignation at poor customer service to hook unsuspecting victims. This is a social-media-based attack, and it is becoming a major issue as more and more people have a social media presence. Where there are people, there is money to be made…

Here are a couple of examples of how you can put your head above the parapet and become a target for Angler Hackers:

Example 1:

You’ve been trying to arrange a new direct debit on your bank account, but the app keeps crashing. You get frustrated and take to Twitter to vent. “I can’t believe the poor service I’m being given by Suchandsuch Bank – why does your app keep crashing?”. Then you sit back and wait for the people you are connected with to agree with you.

Then, joyously, a representative of the bank gets in touch via the DM service and offers to help. They are extremely sorry and value your business very much, so if you could please click this link and log in to your account, they can help cure your ills. I hope we know by now that this would be a very bad idea indeed…

Example 2:

You are excited. You’re off to sunnier climes for a fortnight. You have already posted a photo of a pint of lager and a gin & tonic from the airport (hashtag holidays, hashtag fortnight) to let everyone know your house is now empty for two weeks (don’t get me started). Now, your flight is delayed by six hours. This upsets you greatly and you post on Facebook about how unhappy you are. The post is geotagged, so we know where you are flying from; it mentions the airline, so we know who you are flying with; and it carries the time, so we can find out a flight number in around 9 seconds.

Well, whaddaya know? Very soon, you may well receive a DM or email from the “airline”, quoting your name, flight number and destination, apologising profusely for the inconvenient delay and offering you a £200 voucher for a future flight by way of apology. All you have to do is click this link…

These criminals even have automatic alerts set up for when certain companies are mentioned in social posts. They know what they are doing, surfing the wave of our righteous indignation when we don’t get exactly what we want, when we want it.

By all means, have a vent on Facebook, but also engage with the company’s official support via their website. That’s a safe route to take.

Even safer is to understand that apps crash, flights get delayed, mobile signals drop out sometimes. These things happen as life just isn’t as perfect as it should be.

Understanding this and not venting on social media is the very best protection you can have.

Don’t bait the hook that’ll catch you.

If you need any further advice on how to spot and protect against phishing attacks, please don’t hesitate to contact us.