What Are Angler Phishing Attacks? Definition, Risks, and Prevention
Imagine having an issue with your crypto wallet. You contact customer support and, while waiting for an answer, you impatiently express your dissatisfaction with the service on, let's say, Twitter.
You are now being contacted by the wallet's customer support through Twitter, but something seems... phishy. You're already seeing red, so you don't have the time for an investigation now — you just want your problem solved.
You click on the link provided to you, enter the malicious site, and type in your username and password, or your seed phrase. After some time, you see that your wallet balance is now $0.
This scenario is getting more and more common since scammers are becoming more refined with each passing day. But it doesn't need to be like that. Here at KuCoin, the people's exchange, we focus on providing our users with cutting-edge security (as well as security education).
Read on to learn all there is about angler phishing attacks, including what they are, how they work, and how to protect yourself from bad actors.
What Is Angler Phishing?
Angler phishing is a form of social engineering attack that targets social media users. The attacker uses fake social media accounts to pose as a reliable source and deceive victims into giving away vital information.
They might be able to access your bank, email, crypto, and other accounts. In addition, they might sell your information to other scam artists. Every day, scammers carry out tens of thousands of such phishing attacks, many of which are successful.
The Symbolism of the Anglerfish
The anglerfish, a fish that hunts other fish, gave the practice of phishing its name. The angry-looking deep-sea anglerfish may be the ugliest creature on Earth, and it inhabits what is undoubtedly the planet's most hostile environment: the dark, isolated bottom of the ocean.
It draws its prey in with a luminous fin ray before consuming them. The same strategies are employed by attackers who use phishing to catch their prey.
How Does Angler Phishing Work?
An angler phishing attack is a type of phishing in which bad actors impersonate customer service agents in order to cloud social media users' judgment and extract sensitive information from them.
They will often employ social engineering to get what they want. This attack targets social media users, usually of financial institutions and crypto exchange services, since that's where the money is.
Their method consists of creating fake social media profiles that present themselves as customer service accounts. Additionally, many of them regularly monitor social media channels, looking for customer complaints and offering "help."
They try very hard to sound sincere while providing pleasant, compassionate, and false support in response to customer complaints. They usually invite you to click a link that will take you directly to an "agent" who can assist you with solving the problem.
Angler phishing scams succeed after you:
- Click a link that installs malware on your computer, or
- Enter a fake website and input your account or wallet info.
If successful, angler phishing attackers can:
- Get your seed phrase,
- Gain access to your wallet,
- Get your account credentials,
- Obtain your login information,
- Steal your identity,
- Damage your reputation or the reputation of the service provider you were complaining about.
Who Can Fall Victim to Angler Phishing Attacks?
The truth is: almost anyone can be attacked. It's important to note that different types of phishing target different demographics. However, most angler phishing attacks are generally aimed at older or less tech-savvy people due to their inexperience in the field.
Still, some phishing attacks target very successful and digitally savvy individuals; even they can, against all odds, fall victim to this type of scam.
That means that you should #ThinkBeforeYouInvest, watch out for fake accounts and do everything in your power to stay safe.
Phishers have demonstrated their ability to reach multiple users using a wide range of strategies, regardless of their position within organizations, assumed degree of expertise, or line of work.
How to Spot an Angler Phishing Attempt
As we described in our example above, the victim complained about their problem not only to technical support, but also on social media, thus falling victim to an angler phishing attack. However, this doesn't mean that you shouldn't express your dissatisfaction and look for answers and advice there. Instead, you need to pay extra attention to people who reach out to you.
There are many ways in which you can spot an angler phishing attack if it ever comes your way. Here are some of them:
- Creating a sense of urgency: If a "customer service representative" pressures you into doing something right away (such as visiting a suspicious site or giving any kind of information without much context), be wary.
- Weird grammar: Scammers sometimes use incorrect grammar on purpose so that their messages pass through safety filters. It is not always deliberate, though: some phishers come from countries where English is not the first language. Pay attention to any misspellings or bad grammar, as they are a dead giveaway you are a potential angler phishing scam victim.
- Suspicious links: If you see any links that do not correspond with the homepages of the services you were complaining about, be careful. Sometimes the links can include additional letters, unnecessary numbers, or even words not connected to the service.
- Suspicious profile pages: Look at the profile photo of the account contacting you, the color palette they are using, the number of followers they have, as well as what kind of posts they usually share. Taking a brief look at the profile might be all you need to conclude whether an account contacting you is a scammer or not.
Prevention and Safety Measures Against Angler Phishers
If you feel overwhelmed by the amount of information conveyed, worry not — we got you! Here are some ways to ensure a safe journey through the exciting crypto world.
- You should be aware of any messages that seem suspicious. Be especially careful when handling unsolicited messages that contain attachments or links.
- When asking for assistance on social media, thoroughly check the account that is speaking to you to make sure they are verified before you reply.
- Instead of taking the chance of getting caught in an angler phishing trap, you can always take your customer service complaints directly to the company's website or call center.
- Avoid clicking on links from unreliable sources. Also, never email anyone important information like your login credentials — not even customer service. Most angler phishing attackers instill a sense of urgency to make you feel as though you have no choice but to follow their instructions.
- If the majority of your cryptocurrency portfolio is kept in a single wallet, you might want to diversify by moving some assets to a second or third wallet.
Here at KuCoin, safety comes first. To protect your crypto assets against scammers posing as KuCoin employees, we have created an Official Media Verification page. Here, you can simply select the social media you were contacted from, enter the account information of the person contacting you, and get a definitive answer to whether you are talking to an official KuCoin employee, or a scammer.
KuCoin Exchange Official Media Verification Page
We urge all our users to use this definitive way of determining if the person speaking to you is actually a representative of KuCoin.
The old adage "knowledge is power" is of the utmost importance. It is always smart to develop your knowledge, not only in life but in your financial endeavors, too.
Work on your intuition, inform yourself of the latest crypto trends, and read news about phishing cases.
If you see anything suspicious, make sure to report it — do not remain silent. Inform and share your knowledge with your friends and loved ones, engage in the crypto community, and stay vigilant.
The world of crypto is exciting and has much to offer, but only as long as you keep your funds safe and secure. And don't worry - we've got your back.
For Further Reading
If you want to learn more about how to protect yourself from scams, here are some of the articles you can check:
- How to Protect Your Mobile Device From Crypto Scams?
- KYC in Crypto User Information Security
- Phishing Attacks: How to Recognize Them and Avoid Crypto Scams?
- How to Protect Your Crypto Funds From E-mail Phishing Scams
- Everything You Need to Know About Account Security on KuCoin