Angler phishing

Angler phishing is a type of cyberattack that gets its name from the angler fish.

Why angler fish?

For those unfamiliar with this type of fish, the female anglerfish has a glowing lure at the end of the spine to attract prey (food for her to eat).

What does this have to do with cyber attacks?

Both the hacker and the fish offer a light to “assist” their victims. Once they have earned their trust, they launch the attack.

Returning to cybersecurity, in an angler phishing attack, hackers target dissatisfied customers on social networks.

How are angler phishing attacks carried out?

The hacker can either create a fake profile, preferably on Twitter, Facebook or Instagram, that poses as a legitimate product or brand, or set up alerts that notify him when a disgruntled consumer posts a negative comment about a specific product or brand.

Once customers have shared their negative experience on social networks, the hacker replies (preferably late at night and/or on weekends, when it is highly unlikely that a customer service representative is monitoring them). He does so in a very friendly and understanding way, offering the customer a link to an official agent who will respond to their complaint. This is when the attack takes place.

There are two possibilities when the victim clicks on the link:

  • That a piece of malware is automatically downloaded, infecting the endpoint device.
  • That the link redirects to a malicious site (when the victim clicks on the link, a piece of malware is downloaded, infecting his device).
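For a brand's social media team, the pattern above can be turned into a triage check. The following is an added example, not part of the original post: it scores replies posted under a customer complaint on the three signals the text names (a profile that imitates the brand, a link, and a reply sent when support is unstaffed). The handle `examplebank_help`, the support hours and the sample replies are constructed assumptions.

```python
import re
from datetime import datetime
from difflib import SequenceMatcher

# Assumptions for this example: the brand's real handle and its staffed hours.
OFFICIAL_HANDLE = "examplebank_help"
SUPPORT_HOURS = range(8, 20)          # staffed 08:00-19:59, Monday to Friday
URL_RE = re.compile(r"https?://\S+", re.I)
LOOKALIKES = str.maketrans("013457", "oleast")   # 0->o, 1->l, 3->e, 4->a, 5->s, 7->t

def normalize(handle):
    """Fold digit-for-letter swaps and underscores before comparing handles."""
    return handle.lower().translate(LOOKALIKES).replace("_", "")

def looks_like_brand(handle):
    """True for handles that resemble, but are not, the official one."""
    if handle.lower() == OFFICIAL_HANDLE:      # handles compared case-insensitively
        return False
    ratio = SequenceMatcher(None, normalize(handle), normalize(OFFICIAL_HANDLE)).ratio()
    return ratio >= 0.8

def score_reply(reply):
    """Return (score, reasons) for one reply under a customer complaint."""
    reasons = []
    if looks_like_brand(reply["author"]):
        reasons.append("look-alike handle")
    if URL_RE.search(reply["text"]):
        reasons.append("contains link")
    ts = datetime.fromisoformat(reply["posted_at"])
    if ts.weekday() >= 5 or ts.hour not in SUPPORT_HOURS:
        reasons.append("outside staffed hours")
    return len(reasons), reasons

def flagged(replies, threshold=2):
    """Authors whose replies hit at least `threshold` signals."""
    return [r["author"] for r in replies if score_reply(r)[0] >= threshold]

# Constructed sample replies (not real accounts or URLs).
SAMPLE = [
    {"author": "ExampleBank_Helps", "posted_at": "2024-06-15T23:40:00",
     "text": "So sorry! Our agent will sort this out: https://support.example/claim"},
    {"author": "examplebank_help", "posted_at": "2024-06-17T10:05:00",
     "text": "Sorry about that, please DM us your case number."},
    {"author": "random_user42", "posted_at": "2024-06-16T02:00:00",
     "text": "Same thing happened to me last week."},
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(r["author"], *score_reply(r))
```

Replies that are flagged can be reported to the platform and answered from the official account so the customer sees which profile is genuine.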

Why have these attacks become so popular?

As far as is known, the first angler phishing attack took place in 2015. However, it is only now becoming more popular. This is mainly due to:

  • High number of potential victims. According to an analysis from Hootsuite and We Are Social:
    • There are 7.593 billion people:
      • Of which 4.021 billion have Internet access (a figure that increases by 7% year over year)
      • 3.196 billion are active users of social networks (a figure that increases by 13% each year)
  • Boom of the so-called customer service 2.0 (just as an example, 100% of the Ibex35 companies are on LinkedIn, 97% on Twitter and 63% on Facebook). Brands use the telephone and email less and less, and find in social networks a more effective and cheaper way to reach their customers.
  • Consumers are increasingly looking for quick responses and solutions to their problems. Customers, aware of the great value and power of social networks, are increasingly using them when they have a problem and need a quick response.
  • The low cost of social networks allows hackers to create false profiles very easily (it is estimated that 15% of the profiles are false).
