It’s called “Angler Phishing” and, yes, the name is from the scary deep-sea fish in the movie Finding Nemo. It refers to a clever new scam in which crooks impersonate the social media teams of banks and retailers in order to trick consumers into disclosing sensitive personal information.
The scam started popping up this year, and it works like this: A consumer has a question for a bank or a retailer but instead of using phone or email, they turn to Twitter (TWTR) to ask for help. Consumers know these companies have special teams to watch social media, so they are not surprised when they get a response. Unfortunately, this response may come from a cyber-crook instead of the company.
The crooks use realistic-looking social media accounts and, once the consumer responds, they quickly direct them to a fake website. The fake website is designed to look exactly like a real bank or retail site, prompting the consumer to enter information such as his or her login and password.
Here’s a screenshot, courtesy of Proofpoint (PFPT), which provides a real life example:
And here is what happens when the customer clicks on the link supplied by the helpful social media support agent, who is actually a crook. (Obviously, in both these pictures, the names of the social media accounts have been changed, and the bank’s logo has been blocked out.)
You get the idea. Both the social media agent and the website feel so real that the customer discloses all sorts of information without realizing they’re doing it. As a final kicker, once the consumer has entered all that data, the crooks will often say “thank you” and redirect the victim back to the real company website (more details here).
“The bad guys put it all together—a social media account, the website, even fake email accounts—to create a whole environment,” says Devin Redmond, a VP at Proofpoint, a firm that protects companies against email and social fraud scams.
In terms of damage, the con artists will typically use the information to go after consumers’ bank accounts directly or else to open credit cards in their name.
Get Data Sheet, Fortune’s technology newsletter.
Redmond says the “angler phishing” scam is mostly found on Twitter, but is now also turning up on Facebook (FB) and Instagram, where brands deploy social media teams to engage with consumers. He says the new con is proving effective because consumers have come to expect a response from the brands on social media, and because the crooks produce fake accounts that look so realistic.
Meanwhile, cyber criminals are already discovering other twists on the scam such as by hijacking the LinkedIn accounts of insurance brokers and wealth management advisors in order to prompt clients to hand over information.
Consumers who fall for the new phishing scam are typically reimbursed by the companies. But for brands, which have for years been exhorted to engage with their customers on social media, it’s an unpleasant reminder that crooks will follow them to those new platforms.
(This story was updated at 2:30pm ET to correct the name of Devin Redmond.)
