The proliferation of personal computers coinciding with the popularization of the internet promised us all untold richness of information. What it neglected to inform us about was the attendant rise of cybercriminal behaviour. Malware, identity theft and emails promising us everything from weight loss to lost treasures have multiplied alongside increases in bandwidth. But over time, cybercriminals have had to work harder to extract sensitive information from us. Spamming has evolved into phishing and phishing into more specialized forms such as clone phishing. What is clone phishing and how does clone phishing work? In this post, we’ll break down and analyze this contemporary form of cybercriminality.
Clone phishing is a specialized type of phishing. Phishing is a social engineering attack used to acquire sensitive data from a victim. The victim may be tricked into giving the data up voluntarily, or it may be clandestinely extracted using malware or some other type of digital trickery. Clone phishing fine-tunes the phishing attack by copying legitimate messages to make fake ones appear genuine. This can be done when a cybercriminal inserts themselves into an authentic email interaction and redirects responses, which allows them to assume the identity of the original sender. Or they can simply copy a previously composed email and send it out while pretending to be the original sender. The copied or cloned email might contain requests for sensitive information, malicious links that lead to illegitimate websites or attachments that contain malware. Clone phishing attacks may also be designed to spread from the original victim to their entire contact list.
The main characteristic of a clone phishing attack is the copying or cloning of a legitimate email, which is then re-engineered to extract sensitive data from the victim. The email is made to appear to come from a legitimate source, but the legitimate source has been compromised by the cybercriminal and the trusted identity is now being used to obtain information from the victim. Clone phishing messages can often appear as a reply to a previous legitimate email interaction in which the victim was involved. This can lull them into believing the message is coming from the original source whereas, in fact, it’s been sent by a cybercriminal.
Clone phishing attacks are difficult to recognize because they copy legitimate emails. For this reason, it’s important to pay particular attention to every email that you receive – especially ones that ask for sensitive data or contain links and attachments. It’s important to take note if a message contains spelling or grammar errors that are unusual for the sender. Very often, clone phishing attacks originate from a foreign country in which the first language is not the same as the supposed sender’s. Checking that the sender’s email address appears correct can also tip someone off that they’re being targeted with a clone phishing attack. Legitimate institutions will very rarely, if ever, use publicly available email services such as Gmail or Hotmail. Noting the email address suffix can also suggest whether the message is legitimate. A .net or .org suffix on an email from an organization that generally uses .com can flag the message as a clone phishing attempt.
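The sender checks above, together with the redirected responses and replaced links described earlier, can be automated by comparing a suspect message with the legitimate one it imitates. The following is an added example, not code from the original post: the sample messages, the `example.*` domains and the function names are constructed for illustration, and reading the `Reply-To` header to spot redirected responses is an assumption about how that redirection appears in a message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

FREEMAIL = {"gmail.com", "hotmail.com"}  # public services named in the article
# Constructed sample messages; the example.* domains are placeholders.
ORIGINAL = """\
From: Billing <billing@example.com>
Subject: Invoice 42

Your invoice is at https://portal.example.com/invoice/42
"""
CLONE = """\
From: Billing <billing@example.net>
Reply-To: billing@example.org
Subject: Re: Invoice 42

Updated invoice: https://portal.example.net/invoice/42
"""

def _domain(header_value):
    """Lower-cased domain of an address header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def _link_hosts(msg):
    """Hosts of http(s) links in a single-part plain-text body."""
    urls = re.findall(r"https?://[^\s<>\"']+", msg.get_payload())
    return {urlparse(u).hostname for u in urls}

def clone_indicators(original_raw, suspect_raw):
    """Compare a suspect message with the legitimate one it imitates."""
    orig, sus = message_from_string(original_raw), message_from_string(suspect_raw)
    known, sender = _domain(orig["From"]), _domain(sus["From"])
    reply_to = _domain(sus["Reply-To"])
    name = known.rpartition(".")[0]  # naive: last label is the suffix, no public-suffix list
    flags = []
    if sender in FREEMAIL:
        flags.append("freemail-sender")
    if name and sender != known and sender.rpartition(".")[0] == name:
        flags.append("suffix-swap")        # e.g. .net or .org instead of .com
    if reply_to and reply_to != sender:
        flags.append("reply-to-redirect")  # responses go somewhere else
    if _link_hosts(sus) - _link_hosts(orig):
        flags.append("new-link-host")      # link host absent from the original
    return flags

if __name__ == "__main__":
    print(clone_indicators(ORIGINAL, CLONE))
```

An empty list does not prove a message is genuine: a clone sent from the real sender's compromised account passes all three address checks.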