What Is Angler Phishing?

Sebastian Salla Published: December 14, 2024

Angler phishing is a type of sophisticated phishing attack where scammers use fake social media profiles to pretend to be legitimate representatives of an organization.

Scammers who use angler phishing will create or monitor the social media profiles of organizations they're impersonating and wait for a victim to create a post or leave a comment, typically a complaint or query that they require help with. Scammers use this as an opportunity to contact the victim, pretending to be a member of the organization's support team and convince them to disclose sensitive information or install malware under the guise of providing help.

What Makes Angler Phishing So Dangerous?

Angler phishing is dangerous for two compounding reasons: most social media platforms lack reliable corporate verification, so a fake profile is hard to tell from the real one, and the victim, by posting a complaint or query in public, unknowingly hands the scammer the perfect pretext to make contact.

Missing corporate verification on social media platforms


Each social media platform has its own standard for verifying corporate profiles.

  • X (formerly Twitter): Notable organizations can apply for a gold checkmark on their profile.

  • Facebook: Notable organizations and individuals can apply for a blue checkmark on their profile.

  • Instagram: Notable organizations and individuals can apply for a blue checkmark on their profile.

  • LinkedIn: No formal verification process exists.

  • YouTube: Channels with over 100,000 subscribers that meet various eligibility requirements can apply for a verification checkmark on their channel.

  • TikTok: Notable organizations and individuals can apply for a blue checkmark on their profile.

  • Reddit: No formal verification process exists.

Angler phishing provides the perfect scammer pretext


Typically, with pretexting, cybercriminals are forced to come up with a believable and entirely fabricated scenario that will entice a victim to interact with the provided payload.

However, with angler phishing attacks, the victim creates the pretext, and the only thing the attacker needs to do is create a believable social media presence such that victims cannot tell the real from the fake. The moment a victim makes contact with the cybercriminal through one of their fake social media profiles, the hard job is over, and the pretext is established.

An Example Angler Phishing Attack

Angler phishing attacks are devious in the way that they operate, with attackers lying in wait for a potential victim to expose themselves. To help provide an idea of just how these attacks happen, we'll go through an example scenario:

  1. Scammer Creates Numerous Fake Social Media Profiles

     To cast as wide a net as possible, the scammer creates dozens of fake social media profiles across various platforms, impersonating organizations such as financial institutions, infrastructure providers, retail outlets, and more.

  2. Victim Asks For Help On Social Media

     A victim who is having trouble changing the physical address on their online banking account goes to Facebook to try to find their bank's profile so they can ask for help. While searching for the bank, the victim accidentally misspells the name and, as a result, lands on a fake profile. While on this fake profile, the victim makes a post asking for help.

  3. Scammer Sends The Victim A Direct Message

     Seeing that a potential victim has posted on one of the scammer's fake social media profiles, the scammer sends the victim a direct message, pretending to be a member of the organization's support team.

  4. Scammer Compromises The Victim

     Over the course of a back-and-forth conversation, the scammer entices the victim to try logging into their online banking account again, but this time, using a link that the scammer provides. This link leads to a phishing website controlled by the scammer and designed to look like an authentic sign-in page for the financial institution being impersonated. Using this phishing website, the scammer is able to harvest the credentials of the victim in real time and compromise their online banking profile.

Common Angler Phishing Techniques

Cybercriminals can perform highly effective angler phishing attacks by exploiting a mixture of technical and human weaknesses. The most common techniques used are outlined below:

Fake Profiles

Cybercriminals create fake profiles that impersonate legitimate organizations in the hopes of having a victim stumble across their profile. These profiles will often seem legitimate, with frequent posts and thousands of followers.

Direct Messages

Cybercriminals will almost always try to move public conversations into private direct messages. A private channel lets them work on the victim without worrying that a bystander, or the real organization, will interfere or warn the victim about what is taking place.

Time Limited Promotions

By using time-limited promotions or raffles, cybercriminals can use urgency and a fear of missing out to entice victims to act without applying critical thinking. Beyond directly phishing a victim, promotions are often used to social-proof fake profiles.

Compromised Profiles

The only thing more valuable to a cybercriminal than a social-proofed fake profile is a compromised profile. By leveraging compromised social media profiles, cybercriminals can blast out messages to an unsuspecting user base.

Paid Verification

Platforms that offer a paid premium tier, such as X (formerly Twitter) or LinkedIn Premium, give cybercriminals a way to add a badge of legitimacy to their fake social media profiles at relatively low cost.

Pretexting

By operating under the guise of a legitimate organization, cybercriminals have the perfect pretext to conduct angler phishing attacks. The nature of the pretext is provided by the victim at the time of contact.

Practical Tips To Avoid Angler Phishing Attacks

Angler phishing may seem like a difficult type of phishing attack to protect against, particularly given the lack of corporate verification controls, but there are actually a lot of ways to defend against them:

  • Avoid using social media to contact organizations: Always contact organizations through their official communication channels, typically through a support request on their website or through email.
  • Understand social media verification measures: Different social media platforms have differing social media verification controls. Familiarize yourself with these, so you know when an organization is or isn't verified.
  • Stay wary of promotions that seem too good to be true: Cybercriminals will commonly use urgency to bypass critical thinking in a victim.
  • Switch communications from social media to email: If you do start communication with an organization over social media, quickly switch to email, and confirm that the address you are given is on the organization's official domain rather than a lookalike (a misspelling, a digit or homoglyph in place of a letter, or the official domain buried as a subdomain of some other domain).
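The last tip, checking that a support contact's email address is on the organization's official domain, is easy to get wrong by eye, because lookalike addresses are built to pass a quick glance. The following Python is an added example rather than code from the original article. It automates the checks a practitioner would want: exact match on the registrable domain (so a legitimate subdomain such as mail.example-bank.com still passes), the official domain hidden as a subdomain of an attacker-controlled one, digit-for-letter and "rn"-for-"m" substitutions, and Unicode homoglyphs including their punycode (xn--) form. The domain example-bank.com, the confusable table and the sample addresses are all constructed for this demonstration.

```python
import unicodedata

# Assumed official domain of the organization being contacted (constructed
# for this example; not a real institution).
OFFICIAL_DOMAIN = "example-bank.com"

# Small table of substitutions commonly used in lookalike domains. Keys are
# what the attacker types, values are what the eye reads. Constructed for the
# example; a production check would use the Unicode confusables data instead.
CONFUSABLES = {
    "rn": "m", "vv": "w", "cl": "d",              # digraphs that read as one letter
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic а е о
    "\u0440": "p", "\u0441": "c", "\u0445": "x",  # Cyrillic р с х
}


def registrable_domain(host: str) -> str:
    """Naive eTLD+1: the last two labels of a hostname. Sufficient for a
    two-label domain like example-bank.com; a real check would consult the
    public suffix list so that co.uk-style suffixes are handled."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def normalize(text: str) -> str:
    """Fold accents and compatibility forms to plain letters, then apply the
    confusable table, so examp1e-bank and exarnple-bank both become
    example-bank."""
    folded = unicodedata.normalize("NFKD", text)
    folded = "".join(ch for ch in folded if not unicodedata.combining(ch)).lower()
    for lookalike, plain in CONFUSABLES.items():
        folded = folded.replace(lookalike, plain)
    return folded


def classify_sender(address: str, official_domain: str = OFFICIAL_DOMAIN) -> str:
    """Classify the domain of an email address relative to the official one.

    Returns 'official', 'lookalike', 'unrelated' or 'invalid'."""
    if address.count("@") != 1:
        return "invalid"
    host = address.rsplit("@", 1)[1].strip().lower()
    if not host:
        return "invalid"
    # Punycode (xn--) labels are decoded so homoglyphs are compared as Unicode.
    # A host that already contains non-ASCII fails the ascii encode and is kept.
    try:
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass
    official = official_domain.lower()
    if registrable_domain(host) == official:
        return "official"          # example-bank.com or any subdomain of it
    if official in host:
        return "lookalike"         # e.g. example-bank.com.evil.net
    if normalize(registrable_domain(host)) == normalize(official):
        return "lookalike"         # digit or homoglyph substitution
    return "unrelated"


# Constructed sample addresses: one legitimate, one legitimate subdomain and
# several lookalikes of the kind an angler phisher would hand out over DM.
SAMPLE_ADDRESSES = [
    "support@example-bank.com",
    "help@mail.example-bank.com",
    "support@example-bank.com.evil.net",
    "support@examp1e-bank.com",
    "support@exarnple-bank.com",
    "support@ex\u0430mple-bank.com",                                      # Cyrillic а
    "support@" + "ex\u0430mple-bank.com".encode("idna").decode("ascii"),  # same, as punycode
    "support@gmail.com",
]


def classify_samples() -> dict:
    """Run the check over the constructed samples; returns address -> verdict."""
    return {addr: classify_sender(addr) for addr in SAMPLE_ADDRESSES}


if __name__ == "__main__":
    for addr, verdict in classify_samples().items():
        print(f"{verdict:10} {addr}")
```

The three checks are ordered deliberately: an exact match on the registrable domain is accepted first so that a genuine subdomain is not flagged, then the "official domain as a subdomain of something else" trick is caught by a plain substring test, and only then is the normalized comparison used for typo and homoglyph variants. Anything else is reported as unrelated rather than guessed at.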


Frequently Asked Questions

Where Does The Term Angler Phishing Originate From?

The term "angler phishing" is taken from one of the ocean's best-known deep-sea predators, the anglerfish. The anglerfish was chosen as inspiration because of the unique way it attracts prey: a bioluminescent lure on a modified dorsal spine dangles in front of its mouth. Small fish drawn to this light, mistaking it for food, fall prey to the anglerfish. Similarly, in angler phishing, scammers use fake social media profiles that impersonate legitimate organizations as the lure and lie in wait for a potential victim to stumble across the profile, thinking it is the real organization.