What Is Angler Phishing and How Can You Avoid It?

What Is Angler Phishing and How Can You Avoid It? article image.

Angler phishing is the practice of masquerading as a customer service account on social media, hoping to reach a disgruntled consumer. About 55% of such attacks last year targeted customers of financial institutions, trying to lure victims into handing over access to their personal data or account credentials.

How Angler Phishing Works

Angler phishing typically plays out like this: an upset customer posts something on Facebook or Twitter like, "UGH! Can't believe [name of bank] did it to me again! Didn't post my direct deposit on time and now I've bounced three checks! #tiredofthis" This harmless social media post might help the customer vent a little, but it sets things in motion for an angler phishing attack.

With the name of the bank or its social media account handle included in the post, scammers are ready to strike. Many of them even have automatic alerts activated so they can be informed when someone posts about a specific company. They will then reach out to the victim using an account like [Name of Bank] Customer Support Team, hoping you don't realize that it's not a real account.

Their faux support is friendly, understanding and ever so cautious about sounding genuine. You're almost immediately offered the option to click a link to be taken directly to an agent who is standing by to help you. Clicking the link, however, installs malware on your computer, takes you to a video streaming site, or leads to some other avenue that seeks to get money and information from you.

How to Avoid Being a Victim of Angler Phishing

Social media posts can be a good way to reach out to a company, but be cautious to ensure you're protecting yourself from fraudsters online:

  • Before you respond to anyone on social media when you request help online, check the account that's responding to ensure they're verified. On Twitter, look for a blue verified badge (checkmark) to know it's legit.
  • Read the description on the Twitter or Facebook account and look for it to say it's the "official account of" or the "official support account of" a business.
  • You can also always take your customer service issues directly to the company's website or call center for a resolution rather than risk falling into an angler phishing trap.

Here are some additional resources to protect yourself from other types of phishing:

Experian proudly provides financial support to the Identity Theft Resource Center.

The purpose of this question submission tool is to provide general education on credit reporting. The Ask Experian team cannot respond to each question individually. However, if your question is of interest to a wide audience of consumers, the Experian team may include it in a future post and may also share responses in its social media outreach. If you have a question, others likely have the same question, too. By sharing your questions and our answers, we can help others as well.

Personal credit report disputes cannot be submitted through Ask Experian. To dispute information in your personal credit report, simply follow the instructions provided with it. Your personal credit report includes appropriate contact information including a website address, toll-free telephone number and mailing address.

To submit a dispute online visit Experian's Dispute Center. If you have a current copy of your personal credit report, simply enter the report number where indicated, and follow the instructions provided. If you do not have a current personal report, Experian will provide a free copy when you submit the information requested. Additionally, you may obtain a free copy of your report once a week through April 2022 at AnnualCreditReport.