The goal of angler phishing is similar to that of traditional phishing, but it uses different methods. Traditional phishing attacks arrive by email: the victim receives a message that claims to come from an official company or organization but actually comes from an attacker.
The message contains a link; once the victim clicks it, they land on a page built to steal data. It is quite common to find a login form there, and whatever is entered into it ends up on a server controlled by the attackers.
Angler phishing, on the other hand, has a similar objective but uses social media instead of email. In this case the attacker creates a page or profile that imitates a company, a legitimate organization or a person, although in reality behind that account there is a cybercriminal who has simply cast the hook to fish.
Cybercriminals take advantage of the fact that more and more companies and organizations use social networks to promote themselves, stay in contact with their users, and so on. Thanks to this, they can capture the victim's attention. They impersonate a company's official profile and can ask users for personal data or other information, send links for them to log in, etc.
We know that many users turn to companies' social media profiles to make complaints, obtain information or get answers to their questions. Sometimes users don't check whether that really is the official profile, which gives cybercriminals an opportunity to obtain their data and use it to send targeted advertising, add them to a spam list, sell it to third parties, and so on.
An example would be a company that sells electronic devices. The bait may be an offer to buy a certain product at a spectacular price. The victim believes that the profile, ad or link they are seeing is legitimate and belongs to the official account. The user asks a question or looks for information, and is asked to hand over their data. They may be offered a link to fill out a form, etc.
Once that happens, the process is similar to traditional phishing: the data, passwords and any other information entered go to a server controlled by hackers.
To avoid falling victim to this scam on social networks, the most important thing is common sense. It is essential that we never give out our data when browsing the web or using social networks, even if we believe we are dealing with a legitimate profile. Always check that the website we are visiting and the services and platforms we use are legitimate.
It is also important not to expose our data more than necessary. In addition, it never hurts to use security tools to protect our computers and to keep our systems properly updated.
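The advice above to check that a link is legitimate can be made concrete. The following is an added example, not part of the original article: it tests whether a link sent by a "company" profile really points at one of the company's own domains. The `OFFICIAL_DOMAINS` set, the `check_link` function and every host name used are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption: the company's real domains, taken from a trusted source
# (an invoice, product packaging, a bookmark), never from the profile itself.
OFFICIAL_DOMAINS = {"shop.example"}  # constructed placeholder


def check_link(url, official=OFFICIAL_DOMAINS):
    """Return (ok, reason) for a link received from a 'company' profile."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not an https link"
    if parts.username is not None or parts.password is not None:
        # In https://shop.example@other.test/ the browser goes to other.test.
        return False, "text before '@' hides the real host"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no host"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalised host, may imitate Latin letters"
    for domain in official:
        # Accept the domain itself or a subdomain, on a label boundary only,
        # so myshop.example and shop.example.other.test do not match.
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    return False, "host " + host + " is not an official domain"


if __name__ == "__main__":
    # Constructed sample links of the kind a fake support profile might send.
    samples = [
        "https://support.shop.example/returns",
        "https://shop.example.login-help.test/form",
        "https://shop.example@login-help.test/form",
        "https://myshop.example/offer",
        "http://shop.example/login",
    ]
    for link in samples:
        print(link, "->", check_link(link))
```

A passing result only says the link stays on the company's domain; it does not confirm that the profile that sent it is the official one.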
