Do you own a business or have a social media presence? Are you part of the Marketing or Security team within your company? If you answered “Yes,” then you need to be aware of the latest scam being used by cyber-criminals to damage your brand reputation and steal from your business: watch out for angler phishing!

What is Angler Phishing?

Angler phishing is the latest trend amongst cyber-criminals operating on popular social media platforms such as Twitter, Facebook and Instagram. Criminals create a fake brand support page on these social media websites, in order to redirect customers to phishing websites. They impersonate the social media teams of various businesses (banks, retailers, etc.) to gain the trust of clients, who then feel safe and willing to share sensitive personal data, since they are sure they are communicating with genuine staff from the brand they reached out to in the first place.

Why is it called “angler phishing?” This social media scam is named after the deep-sea anglerfish, like the one depicted in the movie “Finding Nemo,” which dangles a glowing lure to attract its prey. In angler phishing, the glowing lure is a fake brand support page. Customers think they have found the genuine light and are speaking with genuine customer support; in fact they are dealing with crooks, and by the time they realise it, it will probably be too late.

In a nutshell, cyber-criminals are taking advantage of the fact that brands are now using more and more social media platforms to deal with customers.

Why is Social Media So Attractive for Scams?

Since customers nowadays are more connected than ever, they have formed new habits: instead of picking up the phone or emailing the bank, retailer or delivery company they have a question for, they turn to Twitter, Facebook or another social media platform to contact the business’s support team. As a result, businesses are using social media platforms more than ever before to answer their customers promptly, whatever the inquiry. It’s Customer Service 2.0, and the criminals are shrewdly following the trend.

Social media is without a doubt a major playing field for all sorts of crooks and hackers. Here are some enlightening facts:

  • Phishing is the fastest growing threat on social media (150% increase from 2015 to 2016)
  • The number of fraudulent social media brand profiles is on the rise (1100% increase from 2014 to 2016)
  • In 2015, a study showed that of all the social media accounts supposedly owned by renowned brands across various industries (such as Amazon, Starbucks, Chanel, Nike, BMW, Shell, Samsung and Sony), 19% were fake
  • The same study revealed that no less than 600 new fake accounts were created every month in 2016
  • Other research showed that companies were projected to spend AUD$35.98 billion on social media advertising in 2017 (an increase of almost 50% on the previous year), and that 38% of these companies expected to spend more than 20% of their advertising budgets on social media platforms.

Social Media scams are therefore extremely rewarding for criminals, due to these three major factors:

  • The gigantic and ever-growing number of potential victims: researchers believe that by next year a third of the world’s population will have a social media presence, with at least one active personal account
  • The shift in companies’ principal form of customer communication: from conventional channels to social media platforms
  • The ever-increasing share of corporate advertising budgets that companies allocate to social media.

Criminals are now, more than ever, focusing on social media. Cyber-crime isn’t solely about emails or mobile apps anymore: the security game is changing, evolving and therefore widening. These days, the biggest security challenge companies face on social media is keeping fake profiles that impersonate their brands off the platforms entirely; and that is no small task, because the platforms are built so that anyone can publish. Creating new, fraudulent accounts is quick, free and easy for criminals, and a suspended account can be replaced in minutes.

How Does Angler Phishing Work?

In angler phishing, the cyber-criminal’s goal is to intercept customers before the brand’s genuine customer support team can reach them, and the first step can take two forms:

  • The criminals create an entirely fake brand profile, thus impersonating the brand: the victims are unknowingly engaging directly with criminals; or
  • The criminals monitor conversations on a genuine customer support page: the criminals go after their victims by getting involved in an existing conversation.

Either way, the result is the same: criminals pose as members of the brand’s customer support staff, so that they can “help” customers on social media networks with issues such as product faults, account problems or the tracking of a parcel.

Impersonating the brand:

Brand impersonation on social media is sadly very easy to achieve. Criminals can create very convincing brand pages, product pages or customer support pages. Fake profiles copy the look and feel of the imitated brand, using the same logo and visuals; the only difference is usually a small, easily overlooked variation of the brand name in the handle or display name. “MyBusiness” becomes “Mybusiness”, “My_Business”, or a regional or departmental variant such as “MyBusinessUK”, “MyBusinessUSA”, “MyBusinessFR” or “MyBusiness_Help” (note that on most platforms the handle itself is case-insensitive, so a case-only change like “Mybusiness” will appear in the display name, while the underlying handle is something else entirely). Editing or adding content on social media is a piece of cake, since criminals can simply copy and paste entire posts so that they look legitimate. They can also, with one click, delete comments that leave bad reviews or point out the scam. A lot can be done to make more and more victims fall for it: criminals sometimes go to the extent of creating fake profiles for “satisfied customers” who praise the fraudulent offer or product being advertised.

Cyber-criminals are in general pretty good at covering their tracks, and that is especially the case on social media platforms, where almost everything can be edited or deleted after the fact. With sharing being an integral feature of social media, a malicious post can be shared and re-shared between friends and followers, making it very hard to trace the origin of a specific piece of fraudulent content.

One of the tricks criminals use to fool customers, even suspicious ones, is to mislead them with the verified badge that some social media platforms offer, for example the blue tick on Twitter, which confirms that the platform has checked the account’s identity. This “seal of approval” belongs to the profile and is not always prominent on individual tweets and posts, making it harder for users to tell fraudulent replies from genuine ones. Criminals also paint the verified badge into their profile picture or background image; customers rarely notice that it is not in the correct spot, and just because it is there, the profile looks legitimate and safe. The badge is rendered by the platform next to the account name and is never part of an uploaded image, so the check a cautious user (or a monitoring team) should make is whether the platform itself marks the account as verified, not whether a tick appears somewhere in its artwork.

Cyber-criminals will use whatever bait customers will fall for, such as ads, giveaways, fake promotions, vouchers, coupons or sweepstakes, to lure users into clicking on phishing links or downloading malware.

Bypassing a genuine profile:

When criminals monitor a genuine, well-known brand’s customer support page, they act as soon as a customer starts a conversation or leaves a message asking for assistance: the crooks reply to the targeted victim as quickly as possible, to get in ahead of the genuine customer support team. They then send the customer to a fraudulent website, most often a phishing page. After harvesting the information they were phishing for (credit card details, login credentials, social security numbers, etc.), it is not uncommon for the criminals to redirect their victims to the legitimate brand support page or website, making sure to thank them for their time.

As with real-world burglary, cyber-criminals wait for the most opportune time to launch their angler phishing attacks: they are more likely to beat a genuine customer support team to a customer during the evenings or at weekends, when the company’s social media activity is less closely monitored.
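The two techniques described above, lookalike brand names and fast replies into a genuine support thread outside monitored hours, are exactly what a brand’s own monitoring should look for. The following is an added example written for this article, not code from FraudWatch International or from any social media platform. It assumes a hypothetical brand “MyBusiness” with the official handles @MyBusiness and @MyBusinessHelp and the domain mybusiness.example; the support thread and the replies in it are constructed sample data, not real accounts. It normalises handles and display names (case, separators, accents, digit-for-letter swaps, regional and “support” suffixes) to catch the variants listed earlier, and then triages the replies to a customer’s request: a non-official account that resembles the brand, carries no platform verified flag, links off-domain, answers within minutes and does so on a weekend evening is reported with every reason that fired.

```python
import re
import unicodedata
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Hypothetical brand being monitored: all names and domains below are assumptions for the example.
BRAND = "mybusiness"
OFFICIAL_HANDLES = {"mybusiness", "mybusinesshelp"}   # exact handles, lowercase, no "@"
OFFICIAL_DOMAINS = {"mybusiness.example"}
SUFFIXES = ("support", "help", "care", "official", "team", "uk", "usa", "fr", "de")
FAST_REPLY = timedelta(minutes=5)


def normalize_name(name: str) -> str:
    """Strip accents, '@', separators and case, and fold digit-for-letter swaps (0->o, 1->l, 3->e, 5->s)."""
    ascii_name = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    folded = re.sub(r"[^a-z0-9]", "", ascii_name.lower())
    return folded.translate(str.maketrans("0135", "oles"))


def strip_suffixes(name: str) -> str:
    """Remove trailing regional/departmental suffixes ('uk', 'support', ...) repeatedly."""
    changed = True
    while changed:
        changed = False
        for suffix in SUFFIXES:
            if name.endswith(suffix) and len(name) > len(suffix):
                name, changed = name[: -len(suffix)], True
    return name


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; one typo away from the brand name counts as a lookalike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_account(handle: str, display_name: str) -> str:
    """'official' (exact handle), 'lookalike' (handle or display name resembles the brand) or 'other'."""
    if handle.lower().lstrip("@") in OFFICIAL_HANDLES:
        return "official"
    for text in (handle, display_name):
        norm = normalize_name(text)
        core = strip_suffixes(norm)
        if core == BRAND or BRAND in norm or levenshtein(core, BRAND) <= 1:
            return "lookalike"
    return "other"


def off_hours(when: datetime, open_hours=(8, 18)) -> bool:
    """Weekend, or outside the window in which the support team is actually watching the feed."""
    return when.weekday() >= 5 or not (open_hours[0] <= when.hour < open_hours[1])


def external_links(text: str) -> list:
    """URLs in the reply whose host is not one of the brand's own domains."""
    urls = re.findall(r"https?://[^\s<>]+", text)
    return [u for u in urls if (urlsplit(u).hostname or "") not in OFFICIAL_DOMAINS]


def triage_replies(customer_post_time: datetime, replies: list) -> list:
    """Report non-official replies to a customer's request, with every reason that fired."""
    findings = []
    for reply in replies:
        kind = classify_account(reply["handle"], reply["display_name"])
        if kind == "official":
            continue
        reasons = []
        if kind == "lookalike":
            reasons.append("brand-lookalike name")
            if not reply["verified"]:          # the platform's own flag, not a tick painted into an avatar
                reasons.append("claims the brand but has no platform verified badge")
        links = external_links(reply["text"])
        if links:
            reasons.append("links to off-brand domain: " + ", ".join(links))
        if reply["time"] - customer_post_time <= FAST_REPLY:
            reasons.append("replied within %d minutes" % (FAST_REPLY.seconds // 60))
        if off_hours(reply["time"]):
            reasons.append("replied outside monitored hours")
        # A fellow customer answering fast, late, without a link is noise; a lookalike or a link is not.
        if reasons and (kind == "lookalike" or links):
            findings.append({"handle": reply["handle"], "reasons": reasons})
    return findings


# Constructed sample thread (not real accounts): a customer asks for help on a Saturday evening.
CUSTOMER_POST_TIME = datetime(2017, 3, 11, 20, 5)
SAMPLE_REPLIES = [
    {"handle": "@MyBusiness_Help", "display_name": "MyBusiness Support", "verified": False,
     "time": datetime(2017, 3, 11, 20, 7),
     "text": "Sorry to hear that! Please verify your account here: http://mybusiness-secure.example/login"},
    {"handle": "@alice_s", "display_name": "Alice", "verified": False,
     "time": datetime(2017, 3, 11, 20, 30), "text": "Same problem here, no answer yet."},
    {"handle": "@MyBusinessHelp", "display_name": "MyBusiness Help", "verified": True,
     "time": datetime(2017, 3, 13, 9, 12),
     "text": "Hi, sorry for the wait. Please DM us your order number: https://mybusiness.example/help"},
]

if __name__ == "__main__":
    for finding in triage_replies(CUSTOMER_POST_TIME, SAMPLE_REPLIES):
        print(finding["handle"])
        for reason in finding["reasons"]:
            print("  -", reason)
```

On the sample thread only @MyBusiness_Help is reported, with all five reasons; the other customer’s late reply is ignored because it neither resembles the brand nor carries a link, and the genuine @MyBusinessHelp reply is skipped on its exact handle before any heuristic runs. The exact-handle check is deliberately separate from the fuzzy matching: normalisation exists to catch impostors, so it must never be what decides that an account is official.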


Stay tuned next week for the second part of our story on angler phishing: what are the risks and consequences for users and businesses? How can you protect your company with FraudWatch International?