Cyber-criminals are masquerading as customer service sites on Facebook, luring disgruntled customers to their Facebook page in order to trick them into divulging their user name, password, and other personal information. This is called “angler phishing.”
It usually works like this. Let’s say you have a bad experience with your bank, and you post a negative comment on Facebook or Twitter about the bad service you received. A cyber-crime crew will be searching Facebook for negative comments about the same bank, and will direct you to a Facebook Customer Service page they have set up to impersonate the bank in question.
They will be very apologetic and solicitous, and guide you to a link to connect you with a “customer service agent.” While this chat is progressing, they will also install malware on your computer, possibly a remote access Trojan, banking Trojan, or keylogger. There may also be a form to capture your login and other personal information such as your name and address, social security number, bank account number, and the answers to your secret questions. They may even offer to help you “set up security” on your account in order to get this information from you. The ultimate goal will be to get your log-on credentials in order to access your bank account and transfer funds out of your account.
Understand that this cyber-crew may have fake Customer Service pages for many popular companies, so the approach will not necessarily come from a bank; it could be from your “Internet service provider” or your “cell phone carrier.” They set up imposter sites for companies with a bad service history and hundreds or thousands of customers, and just wait for the heated post from a disgruntled customer.
The best protection against this exploit, as with so many social engineering exploits, is awareness and skepticism. If you really want to record a complaint with a company, go to their website directly by typing in the address or using your own browser bookmark. Anyone proactively reaching out to you should be assumed to be an imposter until you can prove otherwise. Be careful on your social networks; not everyone is as friendly as they may seem.