What Is Angler Phishing?

What is Angler Phishing?

Angler phishing is a type of phishing attack where a scammer poses as a customer service agent on social media. Often, angler phishers target victims by scanning social media posts to find dissatisfied customers. Then, the scammer swoops in, pretending to provide the victim with seemingly friendly and attentive (but actually fraudulent) customer service.

One of the particularly dark aspects of angler phishing is that it takes advantage of victims who may be distressed after a bad experience with a business. They could be quick to comply with a scammer who, on the face of it, may seem genuinely helpful. Unfortunately, the scammer's true aim is to exploit money or sensitive information from their victims.

Learn more: What Is Social Engineering?

How Does Angler Phishing Happen?

Angler phishing happens when a scammer impersonates a customer service representative on social media, engaging with a customer to steal money or information from them.

One way angler phishing could play out is this: An unhappy customer comments on a company's social media page to vent about a bad experience they've had. Then, the scammer messages the customer posing as a support agent. They ask the customer to "confirm" their sensitive data, financial information or to repeat back a code sent to their phone. In reality, they'll use this information to steal the victim's money, commit identity theft or compromise their accounts.

Angler phishing can also happen when a scammer posing as a customer service representative asks you to click on a link, which you may believe will lead you to a support center. In reality, the link could download malware to your device.

Learn more: How to Protect Yourself From Identity Theft

How to Avoid Angler Phishing

As with other types of phishing attacks, the best way to avoid angler phishing is to be cautious and skeptical of anyone who contacts you and asks you to click links or provide any information. Even if you're expecting to hear from a certain company, you can't necessarily trust that the person contacting you is who they say they are.

Here are some specific tips that can help you protect yourself from angler phishing:

• Reach out directly to trusted organizations. Navigate directly to a business's website to find instructions for contacting its customer service department. That way, you can be confident that you're actually interacting with the institution you intend to, rather than a potential scammer.
• Verify identities on social media. If you're interacting with a business or organization on social media, confirm that you're on the official account page. If you receive what you believe is a comment or message response from the organization, click the sender's profile to ensure it's the official site, rather than a spoof. For example, on Facebook and X (the social media platform formerly known as Twitter), you can look for a blue or gold check mark next to the organization's name to indicate verified business status.
• Don't share sensitive data. You should set a hard boundary to never give your personal information, including your Social Security number and date of birth, to anyone who calls, texts or emails you to ask for it—even if you believe they may be a trusted contact.
• Don't pass along multifactor authentication codes. If a hacker is attempting to get into your account, they may be prompted to enter a verification code. Websites and apps prompt you with these codes when you log in to ensure you're the true account owner. If someone claiming to be a customer service representative asks you to provide them with a code verifying your identity, it's a sign they're a scammer.

Learn more: How to Avoid Phishing Scams

The Bottom Line

Angler phishing capitalizes on the fact that customers who are in need of support may be quick to comply with the requests of a scammer who they believe is offering genuine help. Phishing is a constant threat, but your best defense is to simply hit pause, listen to your gut and avoid making any decisions in the heat of the moment.

Take time to consider any requests for action on your part. When in doubt, simply disengage. Then, reach back out to the organization using a trusted form of communication, such as a phone number or live chat support found directly on the organization's official website.

Beyond angler phishing, stay aware of other common phishing scams to help avoid falling into traps. You could start by reading about the latest scams targeting consumers, and then learn more about how to recognize and avoid financial scams.