Email Security

    Introduction to Clone Phishing: How Can It Be Prevented?

    Clone phishing attacks clone an email from a trusted or authoritative source and then insert a link to malware or request for sensitive information.

    by Giulian Garruba
    57BLOG_1.jpg

    Key Points

    • Clone phishing is the next evolution of spear phishing, where a fake email includes enough legitimate details to fool the recipient into believing the email is genuine.
    • Clone phishing attacks are dangerous for both businesses and individuals as they harvest extremely sensitive data that can be used to steal identities or infect entire networks.
    • The signs of a clone phishing attack are more subtle than those of standard phishing attacks because cyberattackers have worked hard to make the emails appear more authentic.

    Clone phishing, like conventional phishing, relies on email to compromise unsuspecting users. The definition of clone phishing lies in its name — a clone phishing attack will literally clone an email from a trusted or authoritative source (usually by intercepting a real email before it reaches the intended recipient) and then insert a link to malware or request for sensitive information.

    Here, we explore exactly what clone phishing is, how it works, and provide some tips to help you avoid falling prey to this sophisticated hacking technique.

    What is Clone Phishing?

    Clone phishing is an attempt to use email to gather sensitive information or compromise a user or device. Frequently, phishing attacks lead to ransomware, sniffers, or trojans, software that either steals information or holds it for ransom. For the most unsuspecting users, clone phishing emails may even request information be given in reply to the cloned email.

    Clone phishing attacks differ from conventional phishing attacks. Instead of writing an email from scratch and trying to emulate an authentic tone, style, or format, a cyberattacker intercepts a real email before the recipient receives it, then alters it to include malicious elements such as malware and links to fake websites in an attempt to elicit information.

    Like standard phishing, clone phishing emails are sent to large numbers of recipients in the hope that just one or two victims fall for the scam. Cyberattackers monitor the fake emails, and once a victim has clicked, forward the same forged email to the contacts from the victim's inbox.

    How Does Clone Phishing Work?

    Clone phishing is the next evolution of spear phishing, where a fake email includes enough legitimate details to fool the recipient into believing the email was genuine. Naturally, clone phishing also consists of some of these elements:

    • A spoofed email address that resembles a legitimate source.
    • An existing attachment or link replaced by a malicious version.
    • An updated version of an email you have previously received.

    The Dangers of Clone Phishing and Why It's Important to Be Aware

    Clone phishing attacks are dangerous for both businesses and individuals alike, as they have the potential to harvest extremely sensitive data that can be used to steal identities or infect entire networks. This can be costly, with credit card fraud affecting individuals, or multimillion-dollar lawsuits involving large organizations.

    It's imperative to be aware of clone phishing in your daily cybersecurity habits, as one slip-up could cause a lot of damage. However, there are plenty of signs to help you stay ahead of attacks and keep you safe from clone phishing emails.

    Signs of a Clone Phishing Attack

    The signs of a clone phishing attack are generally more subtle than those of standard phishing attacks. That's because cyberattackers have worked hard to make the emails appear more authentic. Just like traditional phishing, you should be looking for the following:

    • Incorrect salutations
    • Poor spelling and grammar
    • Pixelated images
    • Long and strange links
    • Promises that are too good to be true
    • Time-sensitive subject lines that demand action
    • Virus or corruption warmings
    • Unfamiliar email addresses that are overly long

    How to Prevent Clone Phishing Attacks

    Preventing clone phishing attacks first means understanding the definition of clone phishing — in other words, the fake email will probably look almost indistinguishable from the real version. Once you are aware of this, you can take several security steps to double-check that the email you have received is legitimate and not cloned. These include:

    • Double check the sender's address — often, the address may include strings of numbers and letters that look suspicious.
    • Never click on an included link until you have verified the source. You can do this by hovering over the link to see the URL.
    • If an email seems suspicious, follow up with the organization or individual in a separate email to check its authenticity.
    • Always safeguard your credentials and do not give them away quickly or without first checking they are going to the correct recipient.
    • Look for errors that may lead you to believe they are not 100% legitimate. Cloned emails may do a good job of emulating real emails, but mistakes do creep in. 
    • If you need to submit information, always ensure that the websites use the HTTPS prefix to the URL.
    • Conduct regular security training on the dangers of clone phishing attacks and examples of how they may appear in an individual's inbox.

    Tips to Protect Your Business from Clone Phishing Attacks

    Protecting your business from clone phishing attacks should form part of your general cybersecurity program. As previously mentioned, regular training, awareness, and education surrounding clone phishing should be given by trained professionals from within or outside your company. Additionally, there are some tips you can follow to help protect your business from clone phishing attacks.

    • Always use email encryption when sending the most sensitive information.
    • Always scan attachments using antivirus software for malicious code or viruses.
    • Verify shared links with other staff members to ensure they are the same and do not lead to malicious websites.
    • Take note of SSL Certificate Errors. Most cyberattackers won't bother to get proper certificates as they're aware that individuals will not check.
    • Be wary of browser plugins, as some cyberattackers can mimic these detection pages to steal data when they log in.
    • Generic error messages instead of custom messages from the website may indicate that the website is illegitimate.
    • Pop-up errors can potentially be employed to extract information from the user if you haven't checked the address bar for suspicious activity first.

    The Bottom Line: Clone Phishing

    Clone phishing is the natural evolution of phishing, through spear phishing, with each iteration of this type of cybersecurity threat becoming more sophisticated in its attempts to gather sensitive data or access websites and networks. It's important to stay up to date with the latest types of phishing threats, as it is likely that they will continue to evolve and become more sophisticated. 

    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Back to Top