Angler Phishing Uses Customer Service as Bait

​Businesses don’t always live up to expectations, whether it’s your bank botching a transfer or a surly barista messing with your morning latte. These days, social media is important to a business’s brand, so a negative Facebook post, Twitter comment, or Yelp review can sometimes get their attention to resolve your problem. Unfortunately, it can also attract identity thieves looking to steal your personal information under the guise of customer service. The scam is called “angler phishing,” and here’s what you need to know to avoid it.

In nature, angler fish lurk in the deep sea, attracting prey with a glowing antenna. When an unsuspecting fish comes to investigate what looks like food, the angler fish snaps it up. Angler phishing scammers lure their victims with the glowing promise of customer satisfaction. They lurk on social media sites looking for negative comments and reviews, then contact dissatisfied customers, masquerading as customer service representatives. Victims are directed to a fake version of the business’s website, supposedly for help to resolve their issue. The fake website prompts the customer for personal information, which the thief will either use or sell and/or downloads malware to the victim’s computer. The site may even pass the customer off to the real business website at the end, so the victim never knows what happened.

Scammers aside, though, social media is a great way to give businesses feedback about your customer experience, so don’t stop yelping and tweeting. Just take a few precautions:

• If you’re contacted by a customer service representative, instead of clicking on any links in the email or message, go to the organization’s website directly through your browser and chat with a customer service agent.
• Keep security patches up to date and install security software on your computer and other devices that can prevent you from opening a suspicious web page or downloading malware.
• Think before you click. Scammers are really good at faking websites and emails, even copying verification badges such as the blue tick on Twitter. If anything seems off, from misspellings to a logo that doesn’t look quite right, don’t respond or click links.
• If you do become a victim of angler phishing, report it to the business whose identity was spoofed and to other users on social media.

Angler phishing is a growing problem. One study showed that almost 20 percent of social media accounts for major brands like Amazon, Starbucks, and Nike are fake, and there are more than 600 new fake accounts created every month. So, while dealing with bad products or service can be frustrating and the offer of customer service can be a huge relief, always take a moment to be sure the light at the end of the tunnel isn’t an angler phisher’s lure.