A New Type of Spear Phishing Attack
At the beginning of this year, Proofpoint researchers identified a new form of social media-based phishing attack, called angler phishing. Proofpoint is a cybersecurity company that protects the way people work and keeps businesses safe from email threats.
What is angler phishing?
Angler phishing is named after the ‘anglerfish’, which lures and entices smaller prey. In this type of attack, a fake customer-support account promises to help customers but instead steals their credentials.
How does this happen?
The attackers create highly convincing fake customer service accounts and then monitor social media channels for customer support requests. Angler phishing attackers usually wait until evenings or weekends to strike when companies are less likely to be monitoring their social media platforms. When the hacker sees a customer contact your business, they hijack the conversation by responding directly to that customer using their fake support page – asking the customer to sign into their ‘secure support portal.’
Who is at risk and how can it be prevented?
These types of attacks will be a problem for any business that provides customer service on social media. The following is a list of some key actions an organization can take to help prevent angler phishing attacks:
- Identify your organization’s social media platforms, accounts and key individuals.
- Document who is responsible for the corporate accounts. These accounts should have strong passwords that are changed every few months.
- When applicable, use verified accounts. Twitter and Facebook offer an option for verified accounts to help ensure authenticity.
- Continually monitor for fraudulent accounts. Make sure any fraudulent accounts you find are taken down, and report suspicious activity to your IT team or service provider.
- Enhance your security by leveraging email security solutions. Winxnet Security Experts have identified Proofpoint as their exclusive email security solution and recommend using this tool to help identify fraudulent social media activity.
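One way to support the monitoring step in the list above, shown as an added example that is not from the original article or from Proofpoint: it flags replies from accounts whose handle closely resembles an official support handle and that link outside the organization's own domains. The handles, domains, record format and similarity threshold are all constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

# All handles, domains and messages below are constructed sample data.
OFFICIAL_HANDLES = {"examplebank_help"}
OFFICIAL_DOMAINS = {"examplebank.example"}
URL_RE = re.compile(r"https?://\S+")

def normalize(handle):
    """Lowercase a handle and undo common look-alike substitutions."""
    h = handle.lower().lstrip("@")
    return h.translate(str.maketrans("01357", "olest")).replace("_", "")

def resembles_official(handle, threshold=0.8):
    """True if a non-official handle is close to an official one."""
    if handle.lower().lstrip("@") in OFFICIAL_HANDLES:
        return False  # the genuine account is never flagged
    n = normalize(handle)
    return any(SequenceMatcher(None, n, normalize(o)).ratio() >= threshold
               for o in OFFICIAL_HANDLES)

def off_domain_links(text):
    """Return hosts of links in a message that are not official domains."""
    hosts = [(urlparse(u).hostname or "") for u in URL_RE.findall(text)]
    return [h for h in hosts
            if not any(h == d or h.endswith("." + d) for d in OFFICIAL_DOMAINS)]

def flag_replies(replies):
    """Flag replies from look-alike accounts that carry outside links."""
    flagged = []
    for r in replies:
        links = off_domain_links(r["text"])
        if resembles_official(r["author"]) and links:
            flagged.append((r["author"], links))
    return flagged

SAMPLE_REPLIES = [  # constructed replies seen under customer support requests
    {"author": "@ExampleBank_Help", "text": "Sorry to hear that, please DM us."},
    {"author": "@ExampleBank_He1p", "text": "Sign in at https://support-portal.example/login"},
    {"author": "@coffee_fan42", "text": "Same issue here https://blog.example/post"},
    {"author": "@ExampleBankHelp", "text": "See https://www.examplebank.example/help"},
]

if __name__ == "__main__":
    for author, hosts in flag_replies(SAMPLE_REPLIES):
        print(f"review {author}: links to {', '.join(hosts)}")
```

Flagged accounts are candidates for manual review and reporting to the platform, not confirmed impersonators.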
These are just a few things your organization can do to help prevent social media attacks and stay secure. If you feel as though your business is not prepared for these types of phishing attacks, then it’s time for a serious conversation with our security experts.