Protect Your Tech
What’s the threat?
Scammers are targeting people who have complained on social media that they’re having problems with their Paypal account. The scammers then contact the customer, posing as an Paypal employee to trick them into revealing details such as passwords, usernames and email addresses.
It’s the latest type of phishing threat and, like others, is named after a type of fishing. We’ve seen spear phishing, clone phishing and even whaling, not to mention vishing (or ‘voice phishing’, where scammers try to trick people by phone). Wikipedia explains them all at www.snipca.com/21746. Angler phishing is different because it doesn’t target you by email. Instead, devious scammers scour social-media sites, particularly Twitter, looking for people who are angry with a service. They then set up a fake account and tweet an offer to help if the customer clicks a link. This takes the victim to a fake support page.
The name comes from the anglerfish, a grotesque but inventive predator that lures prey using a light at the end of a fleshy rod attached to its head.
What should you do?
Ideally, avoid going on Twitter or Facebook to complain about Paypal, your bank, Amazon or other major web services. If you use Paypal, only reply to tweets sent by the company’s official UK account: @Paypaluk ( https:// twitter.com/paypaluk). Look out for the fake names scammers use, which include @Askpaypal_tech and @Askpaypal (see screenshot left).
Be particularly vigilant in evenings and at weekends. Proofpoint, the US security company that uncovered the scam, said scammers strike at times when the official Twitter accounts are less likely to be active.