
Angler Phishing Scams Reel In Stolen IDs


ID thieves use angler phishing scam on social networks: Internet Scambusters #745

Angler phishing is the latest ploy being used by scammers on social networks like Twitter and Facebook.

They pose as customer service reps following up on complaints and convince victims to hand over confidential information, as we explain in this week's issue.

We also have a warning about fake delivery service messages that aim to infect your PC with malware.

Now, here we go...


Angler Phishing Scams Reel In Stolen IDs


When you're seeking customer service support via Twitter, beware of getting caught on the hook of an angler phishing scam.

Angler phishing? That's the name security experts have given to a con trick in which scammers pose as customer service reps for the company you're complaining to.

Here's how it works.

It's common practice among some of the 300 million people on Twitter to use the social media service to talk about problems they're having.

Many organizations have their own Twitter account -- usually "@" followed by the organization's name, for example "@paypal."

A message that includes that "handle" goes to the company's Twitter feed, so they can read it and respond.

Alternatively, a user can apply a hashtag -- "#" -- followed by the name, for example "#paypal," and the message or tweet will go into a list with all other tweets using the same hashtag.

The hashtag approach means that Twitter users are sharing their complaints for anyone to see.

So, it's only natural that companies also monitor hashtag lists for tweets that use their name.


Either way, organizations that take customer service seriously are usually quick to respond to these grumbles by contacting the user so they can try to put things right.

Scammers Step In

But these organizations are not the only ones monitoring the complaints. And that's where the angler phishing tricksters step in.

As it happens, the example we used of PayPal is one of the most common targets for the scammers.

The crooks have their own Twitter accounts, often with names resembling the target company or with authentic-sounding titles that include words like "bank." Sometimes the fake organization name begins with the word "Ask," as though inviting customer service inquiries.

The scammers know the grumblers are waiting for a reply, so they step in and supply one. In the process, posing as PayPal or whomever, they ask the customer for personal information, like their sign-on details.

A typical message apologizes for whatever trouble the consumer is complaining about and invites them to visit their fake website page "to better serve you."

They may use a website address shortener to totally disguise themselves -- for example, one starting with "bit.ly/" followed by a sequence of letters and numbers.

The message also tries to hurry victims along by promising to solve their problems immediately after they sign on with their account details.
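The warning signs described above (a look-alike handle, an "Ask" or "bank" name, a shortened link, hurry-up wording and a request to sign on) can be checked mechanically by a brand's social media or fraud team. The Python sketch below is an added example, not part of the original newsletter; the shortener hosts other than bit.ly, the word lists, the 0.8 similarity threshold and the sample replies are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher

# Assumed values for this sketch; only "@paypal" and "bit.ly" appear in the article.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
LINK_RE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})/\S+", re.I)
URGENCY_RE = re.compile(r"\b(immediately|right away|urgent(?:ly)?)\b", re.I)
SIGN_ON_RE = re.compile(r"\b(sign[- ]?(?:on|in)|log[- ]?in|password|account details)\b", re.I)
IMPERSONATION = {"lookalike_handle", "ask_prefix", "bank_word"}
LURE = {"shortened_link", "urgency", "asks_sign_on"}

def flag_reply(handle, text, brand, official_handles):
    """Return the angler-phishing indicators present in one reply to a complaint."""
    h = handle.lstrip("@").lower()
    if h in official_handles:
        return []
    flags = []
    # Impersonation indicators: the handle borrows or imitates the brand name.
    if brand in h or SequenceMatcher(None, h, brand).ratio() >= 0.8:
        flags.append("lookalike_handle")
    if h.startswith("ask"):
        flags.append("ask_prefix")
    if "bank" in h:
        flags.append("bank_word")
    # Lure indicators: shortened link, hurry-up wording, request to sign on.
    if any(host.lower() in SHORTENERS for host in LINK_RE.findall(text)):
        flags.append("shortened_link")
    if URGENCY_RE.search(text):
        flags.append("urgency")
    if SIGN_ON_RE.search(text):
        flags.append("asks_sign_on")
    return flags

def triage(replies, brand, official_handles):
    """Keep replies where an impersonating handle also carries a lure."""
    hits = {}
    for handle, text in replies:
        flags = set(flag_reply(handle, text, brand, official_handles))
        if flags & IMPERSONATION and flags & LURE:
            hits[handle] = sorted(flags)
    return hits

# Constructed sample replies to a "#paypal" complaint (not real accounts or links).
REPLIES = [
    ("@paypal", "Sorry for the trouble. Please DM us your case number."),
    ("@AskPayPal_Help", "We apologize! Sign on at bit.ly/EXAMPLE1 and we will "
                        "fix this immediately, to better serve you."),
    ("@coffee_fan42", "Same thing happened to me last week."),
    ("@paypa1", "Sorry about that. Log in here: https://tinyurl.com/EXAMPLE2"),
]

if __name__ == "__main__":
    for handle, flags in triage(REPLIES, "paypal", {"paypal"}).items():
        print(handle, flags)
```

Replies from the official handle and from ordinary bystanders produce no hits; the two impersonating accounts are returned with the indicators that matched.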

Once they have the details they need, the scammers sign on to the customers' accounts and, depending on which organization they're mimicking, try to withdraw money or make purchases.

In some cases, they may use the details to open credit card and loan accounts.


According to one report, once the scammers have the account information they need, they then send another message to the victim, thanking them and redirecting them to the genuine site they're seeking -- hoping to throw their victims off the scent and allow more time to commit their crime.

Facebook and Instagram Targeted

The same report -- from financial intelligence site Fortune.com -- says the scam is now also starting to make an appearance on other social media sites such as Facebook and Instagram.

It quotes security expert Devin Redmond as saying: "The bad guys put it all together -- a social media account, the website, even fake email accounts -- to create a whole environment."

Meanwhile, says Fortune, a variation using hijacked LinkedIn accounts belonging to insurance brokers has also shown up.

The security specialists who uncovered the angler phishing scam, Proofpoint, say the fake PayPal page looks remarkably convincing, including the financial firm's logo.

Watch this brief video produced by Proofpoint for banks and other financial institutions:

Sometimes, angler phishing scams are almost impossible to spot, but you should always be wary of tweets and emails that promise to quickly resolve your problems if you click a link. If that link then takes you to a site where you're invited to sign on -- don't. It's almost certainly a scam.

There are also a number of organizations that publish lists of suspicious websites. You'll find details of these plus lots of other useful tips on how to spot and avoid angler phishing and other scams in PayPal's fraud guide.


Alert of the Week

Once it was a rarity, but now that more and more of us buy online, we often expect to see packages show up on our doorstep.

And we're not surprised to find a note saying they missed a shipment that requires a signature.

In the same way, scammers are sending out similar emails hoping to trick recipients into clicking a link.

One message received recently by a member of the Scambusters team started by saying:

"Your shipment has arrived, but we were unable to deliver it to your address because nobody was present.

"Someone must always be present at the destination address, on the delivery day, to sign for the parcel."

Fair enough, but...

A link that supposedly led to a delivery notice actually would have taken them to a download site in Vietnam where a digital package of malware was awaiting them.

The address was cleverly designed to look like it came from UPS.

If you get a message like this, ignore it; but if you think there may be a package for you, look up the phone number for the delivery company and call them direct.

That's all for today -- we'll see you next week.

Copyright © 2024 Scambusters.org and Breakthrough Consulting, Inc.