Angler Phishing

ATTACK TYPES · 3 min read · Updated Mar 2026

What is Angler Phishing

Angler phishing targets people seeking customer support on public social media platforms. Attackers create fake support accounts that mimic the legitimate company's branding and naming conventions. A victim posts on Twitter complaining about a billing issue or service problem, and within minutes, a fake support account responds helpfully, directing them to a credential harvesting page or malware link. The victim believes they're receiving official support and willingly provides account credentials, payment information, or other sensitive details. Unlike traditional phishing where attackers send unsolicited messages, angler phishing waits for victims to post publicly, making the interaction feel earned and legitimate.

How Angler Phishing Works

Attackers set up accounts on Twitter, Facebook, Instagram, and TikTok with names designed to be confused with the actual company. "@CompanyHelp" becomes "@CompanyHelp_Support" or "@CompanyHelpDesk" (the real one is actually @CompanyHelpUS). They monitor mentions of the company or specific service issues using keyword searches and alerts. When someone posts a complaint, the fake support account responds quickly with empathy and an offer to help. The attacker often asks the victim to click a link to verify their account, confirm their identity, or access a specialized support portal. Many victims willingly provide information through these links because they initiated the conversation and the context feels legitimate. Attackers may also request information via direct message after the initial public response.

Why Angler Phishing Is Effective

Angler phishing succeeds because it reverses the typical phishing dynamic. The victim is actively seeking help and is emotional, which makes them less skeptical. They notice that a support account responded to their public complaint, which creates trust through apparent legitimacy. The attacker positions themselves as solving the victim's problem, exploiting reciprocity (the victim feels the attacker is helping, so they comply with requests). People often don't carefully verify account details on social media, where they're distracted and frustrated. The fake support account has real followers and history because it was set up days or weeks before the attack. When the victim verifies that the account exists and has company branding, they assume it's legitimate. Official company support accounts on social media are genuinely helpful and will request information, so victims expect legitimate support to ask for verification details.

How to Defend Against Angler Phishing

Organizations implement brand monitoring tools that track mentions and alert them to fake accounts impersonating the company. Security teams actively report and get fake accounts removed, though new ones appear constantly. Companies publish the official handles of all legitimate support channels on their website and include them in every help article. Some organizations implement blue checkmarks or other verification on their real accounts. For employees, the defense involves training on internal brand impersonation techniques, so they recognize when attackers create lookalike accounts. Users themselves should verify account details before sharing information: check the account's follower count, history of tweets, and whether the organization's official account mentions this support channel. The most reliable approach is to never provide sensitive information through social media, instead logging into the official website directly and using the support portal there.
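The handle check that brand monitoring performs can be sketched as follows. This is an added example, not GhostEye's code: it compares handles seen replying to customers against the handles a company publishes on its website and flags lookalikes for review. The official handle set, brand token, keyword list, similarity threshold and sample handles are assumptions built from the placeholder names used above.

```python
from difflib import SequenceMatcher

# Assumptions (constructed for this example): the handles a company publishes
# on its own website, its brand token, and support-themed words to watch for.
OFFICIAL = {"companyhelpus"}
BRAND = "company"
SUPPORT_WORDS = ("help", "support", "desk", "care", "service")
# Digit-for-letter swaps and separators used to make a handle look identical.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "_": None, ".": None})


def fold(handle: str) -> str:
    """Lowercase, drop '@' and separators, map look-alike digits to letters."""
    return handle.lstrip("@").lower().translate(FOLD)


def classify(handle: str) -> tuple[str, str]:
    """Return (verdict, reason) for one handle seen replying to customers."""
    raw = handle.lstrip("@").lower()
    if raw in OFFICIAL:                       # only an exact match is trusted
        return "official", "listed on the company website"
    folded = fold(handle)
    if folded in {fold(h) for h in OFFICIAL}:
        return "lookalike", "identical to an official handle after folding"
    if BRAND in folded and any(w in folded for w in SUPPORT_WORDS):
        return "lookalike", "brand name combined with a support keyword"
    best = max(SequenceMatcher(None, folded, fold(h)).ratio() for h in OFFICIAL)
    if best >= 0.8:                           # assumed review threshold
        return "lookalike", f"{best:.0%} similar to an official handle"
    return "unrelated", "no brand resemblance"


def triage(handles):
    """Map each handle to its verdict; 'lookalike' entries go to review."""
    return {h: classify(h)[0] for h in handles}


if __name__ == "__main__":
    # Constructed sample: accounts seen replying to posts that mention the brand.
    seen = ["@CompanyHelpUS", "@CompanyHelp_Support", "@CompanyHelpDesk",
            "@C0mpanyHelpUS", "@CompannyHelpUS", "@jane_doe_42"]
    for h in seen:
        print(h, *classify(h), sep=" | ")
```

Only an exact match against the published list counts as official; everything that merely resembles it is queued for a human to review and report.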

Frequently Asked Questions

Why would I give my account password to someone responding to my tweet?

When you post complaining about a service problem, someone offering to help feels legitimate, especially if their account appears to be from the company. The context of you seeking help lowers your skepticism significantly.

How can I tell if a support account is fake?

Check the account's full handle carefully against the official accounts listed on the company's website, review their tweet history for consistency and professionalism, and verify their follower count and account age. Fake accounts often have fewer followers and recent creation dates.

Do real companies actually respond to complaints on social media?

Many legitimate companies do respond to customer complaints on social media, which is why angler phishing works so well. Always verify the account handle against the company's official website before providing any information.

What should I do if a fake support account contacts me?

Report the account directly to the platform and contact the actual company through their official website to let them know the fake account exists. Never provide information to unverified accounts, even if they claim to represent support.

Related Terms

Phishing, Impersonation, Social Engineering, Credential Harvesting, OSINT (Open Source Intelligence)