After experiencing poor customer service, many people turn to social media to voice their frustration. Some may even tag the source of their frustration or use a hashtag to help gain visibility. While many companies take this as an opportunity to correct a mistake, it is also an opportunity for bad actors.
Angler Phishing is a phishing attack that specifically targets social media users who have recently posted about a negative customer service experience. Like the fish they are named for, an Angling Fishing attack will use a bright lure to try and distract a social media user into providing personal information. In this case, the lure is resolution to the frustration they have publicly posted about from what appears to be an official customer service rep from the company they contacted.
During an Angler Phishing attack, a “customer service rep” will reach out to a social media user from what appears to be an official account, with a legitimate profile name and photo as proof of authenticity. After the customer service rep establishes trust, they will send the social media user a form to provide some of their personal information. If the issue is regarding their bank account, the individual may not question the need to provide their account number, routing number, pin, the answers to their security questions, or even their online account name and password.
How to Determine if You Are a Target
- Confirm who you are talking to. You should research the social media account of the customer service rep. You should examine the official name of the account, not just the display name. You should also consider recent activity on that account and any connections it has.
- Verify all links provided to you by the company representative. Before you click on the link, you will get a preview of where it will take you. If it the link will not you somewhere on the company’s website, don’t click it!
- Contact the company directly If an account is not verified, and you have any doubts whether you are speaking with an official company representative.
Many actions you can take to protect you from phishing scams, like multi-factor authentication, will not protect you against angler phishing attacks. While social media remains one of the most effective ways to communicate with companies’ customer service departments, it is essential that you remain vigilant. If you are concerned you have been the victim of an angler phishing attack, you should place a credit freeze and contact the Federal Trade Commission to report the fraud.
Our commitment to digital and IT transformation is shaped by daily dedication to customer service and the close collaboration of our workforce, managers, and leaders. Ready to join us in improving Veterans’ care? Check out all current information and technology career opportunities on DigitalVA. You can also contact VA’s Office of the Chief Human Capital Officer at 512-326-6600, Monday thru Friday, 7 a.m. to 5 p.m. CST or by submitting a resume to VACareers@va.gov.