Criminals create highly convincing customer service accounts on social media, monitor and intercept customer requests, and respond to them with links to fraudulent sites.
Criminals often have alerts set up to inform them when someone posts about specific companies. They contact customers, usually assure them that the problem will be resolved quickly, and invite them to log in to fake websites designed to steal their credentials or install malware.
Check that the account responding to you is the official account, e.g. check whether the account name and handle are what you would expect, and check its previous posts and when the account was created.
Do not click on suspicious links. If in doubt, consider using other official channels for support issues, e.g. websites or call centers.
If a page you have been directed to is asking for your details, check for signs that the page is a fake. For example, look closely at the URL for misplaced hyphens, misspelt words or anything out of the ordinary. Does the website use 'HTTPS'? You should also look closely at the language used on the page and its layout. Again, if in doubt, search for and use the official website independently.
Formulate a response plan for handling angler phishing attacks. This could cover:
Identify who would be responsible for handling these incidents, and make sure they know how to deal with them.
Think about how you will communicate with victims about incidents. This needs to be quick and efficient.
Identify steps to protect your customer and your system while you handle the incident, e.g. locking the customer's account while you contact them.
Take down fraud accounts
Contact service providers (e.g. Twitter) to take down fraudulent accounts and monitor their activity until accounts are closed. You can also consider using a service to help you identify potential lookalike fraud sites which customers may be directed to, e.g. https://dnstwister.report/.
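The URL checks described above (misplaced hyphens, misspelt words) can be automated when triaging links reported by customers. The following is an added example, not part of the original guidance or of any named service; the domain examplebank.co.uk, the brand label and the sample links are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption: placeholder official domain and brand label, for illustration only.
OFFICIAL_DOMAIN = "examplebank.co.uk"
BRAND = "examplebank"

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete and substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def normalise(label: str) -> str:
    """Undo cheap disguises: stray hyphens and digit-for-letter swaps (0->o, 1->l)."""
    return label.replace("-", "").translate(str.maketrans("01", "ol"))

def classify(url: str) -> str:
    """Return 'official', 'lookalike' or 'unknown' for a link sent to a customer."""
    # Accept links pasted without a scheme; hostname is lower-cased by urlsplit.
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").rstrip(".")
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official"
    # Any label that contains, or is within two edits of, the brand is suspicious,
    # including the brand used as a subdomain of someone else's domain.
    for label in host.split("."):
        cleaned = normalise(label)
        if BRAND in cleaned or edit_distance(cleaned, BRAND) <= 2:
            return "lookalike"
    return "unknown"

# Constructed sample links, as might appear in replies to a customer's post.
SAMPLES = [
    "https://www.examplebank.co.uk/help",
    "https://example-bank.co.uk/login",
    "http://examp1ebank-support.com/",
    "https://examplebank.co.uk.account-verify.net/",
    "https://exampelbank.co.uk/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{classify(url):10} {url}")
```

A result of 'unknown' only means the hostname does not resemble the brand; it is not a verdict that the link is safe.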
Social Media Support Guidelines
Clearly state how your team uses social media customer support channels. Cover what you would never ask your customers to do or provide through social media.
If you've been affected by this or any other type of cyber crime, report the details to Action Fraud (0300 123 2040 / www.actionfraud.police.uk). Always keep an eye out for any suspicious follow-up activity as well.