As more of our lives tend to take place online, crime has moved from the streets to the internet. And while cybercrime may not be as physically dangerous as being accosted in a dark back alley, the damages can still be incredibly severe. With banking details, online shopping accounts and personal information spread across the World Wide Web, cybercriminals have a plethora of opportunities at their fingertips. Email phishing and its evolved descendant, clone phishing, have been effectively used by cybercriminals to gain access to sensitive data for several years now. This makes it all the more important to understand how they work and what can be done to avoid their pitfalls. In this article, we’ll learn how to prevent clone phishing and how to recognize if you’ve been targeted.
Clone phishing is a refined version of email phishing. Email phishing is the practice of sending out email messages to potential victims hoping to trick them into clicking on a fraudulent link. That link will lead them to a third-party website that asks the victim to provide the sought-after information. This could be usernames and passwords, banking and financial details or other sensitive personal information. Phishing emails can also be used to infect the victim’s device with malware.
Clone phishing is a more sophisticated version of phishing where the cybercriminal can intercept a legitimate email exchange and insert themselves into the conversation. The cybercriminal will impersonate one of the parties and try to extract information from the victim directly, by sending them to a website used for harvesting information or by infecting the victim’s device with malware. Victims are more easily fooled by clone phishing attacks because they’re simply continuing a legitimate conversation without realizing they’re no longer communicating with the intended party. Oftentimes a successful clone phishing attack will then duplicate the victim’s email messages and target their contact list with further clone phishing attacks.
The obvious way to prevent clone phishing is to not be fooled in the first place. That said, clone phishing attacks can be very difficult to recognize because the victim is often initially dealing with a trusted source who is suddenly co-opted by the cybercriminal. However, there are some signs that can help identify a clone phishing attack.
Clone phishing attacks often create a sense of urgency that is unusual for a legitimate sender. For example, a fake credit card company email message might ask you to log in to prevent your card from being blocked.
Other types of clone phishing messaging might include warnings that you’ve been attacked by a computer virus or you’ve been chosen for a limited-time offer that requires banking details or logging into a fraudulent site.
Fraudulent websites might not use a secure connection, which you can identify by a URL that begins with “http” rather than “https”.
You should also pay attention to the URLs to ensure they’re correct. Cybercriminals will often create fake websites using URLs that are very similar to legitimate ones. For example, a fake website might use .co instead of .com. Or there may be slight variations in the URL spelling such as My-bank.com instead of Mybank.com.
It’s sometimes possible to detect fake links by hovering your cursor over the link. This will often show the URL you’ll be sent to if you click the link. It’s very easy for a cybercriminal to make a link appear to lead to one place while actually sending you somewhere else.
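The URL checks described above (an “http” link, a lookalike domain such as .co for .com or My-bank.com for Mybank.com, and link text that hides the real destination) can be run automatically over the HTML body of an email. This is an added example, not part of the original article; the trusted-domain list, the 0.8 similarity cut-off and the sample email body are constructed assumptions.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"mybank.com"}  # assumption: domains the recipient really deals with
SAMPLE = ('<a href="http://my-bank.com/login">www.mybank.com</a>'  # constructed email body
          '<a href="https://mybank.co/offer">Claim your offer</a>'
          '<a href="https://www.mybank.com/help">Help</a>')

def host_of(text):
    """Host of a URL or bare domain, lowercased, without 'www.'; '' if neither."""
    text = text.strip()
    if " " in text or "." not in text:
        return ""
    host = (urlsplit(text if "//" in text else "//" + text).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def lookalike(host):
    """Trusted domain that host imitates (hyphen variant or >= 0.8 similar, an assumed cut-off), else None."""
    if any(host == g or host.endswith("." + g) for g in TRUSTED):
        return None
    return next((g for g in TRUSTED if host.replace("-", "") == g
                 or SequenceMatcher(None, host, g).ratio() >= 0.8), None)

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data if self.href is not None else ""
    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        real, shown = host_of(self.href), host_of(self.text)
        issues = ["no-https"] if urlsplit(self.href).scheme == "http" else []
        if shown and shown != real:  # visible text names a different host than the link
            issues.append("text-shows-" + shown)
        if fake := lookalike(real):
            issues.append("lookalike-of-" + fake)
        self.findings.append((real, issues))
        self.href = None

def audit(html):  # -> [(destination host, issues), ...] for each link
    parser = LinkAudit()
    parser.feed(html)
    return parser.findings
```

Calling `audit(SAMPLE)` returns one entry per link; an empty issue list means none of the three checks fired, not that the link is proven safe.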