Clone phishing is a type of phishing attack in which the attacker takes a legitimate email the target has already received, makes a near-identical copy of it, and swaps the original links or attachments for malicious ones before sending it, usually from a spoofed or look-alike address. Clicking the replaced link typically leads to a credential-harvesting page dressed up as a login form, or triggers a download of malware. This type of phishing can be very hard to identify because the message looks identical to one you have genuinely received from a real contact. It can also compound: if you enter your mailbox credentials on the fake page, the attacker gains your account and can send the same clone to all of your contacts, this time from an address that really is legitimate.
Characteristics of clone phishing
Display name spoofing: Hackers use display name spoofing to make the email look legitimate. The display name is the free-text name most mail clients show next to, or instead of, the sender's address. It is set by whoever sends the message and can be anything at all, so it is trivially spoofed. The actual address and its domain are much harder to forge when the domain owner publishes SPF, DKIM and DMARC records and the receiving mail server enforces them, which is exactly why attackers lean on the display name instead.
An example of a spoofed display name is "Amazon Customer Service" paired with an address such as 3njnfkjajbk@gmail.com: the name is the brand, while the address is a free webmail account that has nothing to do with the brand.
Urgency: The malicious copy will often prompt the recipient to take a specific action right away, such as downloading a file or clicking a link in the email. Most of your normal contacts won't pressure you to act on a particular email within hours. If you see an urgent request from one of your contacts, don't click on any links or attachments; confirm it first through a channel other than email, such as a phone call or chat message.
Resend claim: A tactic often used in clone phishing is to claim that the new email is a resend of an earlier one. The attacker uses the excuse that the previous email did not deliver or that they had technical issues, which explains why you are seeing a message you have already received. Genuine resends are rare, so that claim should be treated as a red flag.
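The three characteristics above can be turned into a simple triage check. The following is an added example written for this page (it is not code from the original article or from any product) that parses a raw message with Python's standard library `email` package and flags display-name/address mismatches, a corporate-sounding name on a free webmail address, a Reply-To that steers replies to a different domain, a resend claim, and urgency language. The brand list, the keyword patterns and both sample messages are constructed for the example and are assumptions, not data from the page.

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

# Webmail domains anyone can register on; a brand or company name in the
# display name paired with one of these is the classic display-name spoof.
FREEMAIL_DOMAINS = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}

# Assumed brand -> legitimate sending domain mapping (example data, not a real list).
PROTECTED_BRANDS = {"amazon": "amazon.com", "acme": "acme.example"}

RESEND_RE = re.compile(
    r"\b(re-?send(ing)?|sent (it )?again|did(n't| not) (go through|deliver|arrive))\b", re.I)
URGENCY_RE = re.compile(
    r"\b(urgent(ly)?|immediately|as soon as possible|within \d+ hours?|expires? (today|soon))\b", re.I)


def domain_of(address: str) -> str:
    """Lower-cased domain part of an address ('' if there is no '@')."""
    return address.rpartition("@")[2].lower()


def same_org(domain: str, expected: str) -> bool:
    """True if domain is expected or a subdomain of it."""
    return domain == expected or domain.endswith("." + expected)


def analyse_message(raw: str) -> list[str]:
    """Return a list of short flag codes describing clone-phishing indicators."""
    msg = message_from_string(raw, policy=default)
    flags = []

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    name_lc = display_name.lower()

    # 1. Display-name spoofing: the name claims a brand the address does not belong to.
    for brand, brand_domain in PROTECTED_BRANDS.items():
        if brand in name_lc and not same_org(from_domain, brand_domain):
            flags.append("DISPLAY_NAME_BRAND_MISMATCH")
            break

    # 2. A "company" style name on a free webmail address.
    if from_domain in FREEMAIL_DOMAINS and any(
            w in name_lc for w in ("service", "support", "billing", "team")):
        flags.append("FREEMAIL_WITH_CORPORATE_NAME")

    # 3. Replies are steered to a domain other than the one the mail claims to come from.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        flags.append("REPLY_TO_DOMAIN_MISMATCH")

    # 4/5. Resend claim and urgency wording in the subject or the plain-text body.
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part is not None else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    if RESEND_RE.search(text):
        flags.append("RESEND_CLAIM")
    if URGENCY_RE.search(text):
        flags.append("URGENCY")

    return flags


# Constructed sample messages for the example (not real mail).
CLONE_SAMPLE = """\
From: Amazon Customer Service <3njnfkjajbk@gmail.com>
Reply-To: orders@reply-desk.example
To: bob@acme.example
Subject: Re-sending: your order invoice

Hello Bob,
My previous email did not deliver, so I am resending it.
Please download the attached invoice within 24 hours or your order will be cancelled.
"""

LEGIT_SAMPLE = """\
From: Jane Doe <jane@acme.example>
To: bob@acme.example
Subject: Lunch on Thursday?

Hi Bob, are you free for lunch on Thursday? Jane
"""

if __name__ == "__main__":
    print(analyse_message(CLONE_SAMPLE))   # all five flags
    print(analyse_message(LEGIT_SAMPLE))   # []
```

None of these checks proves a message is malicious on its own; the value is in the combination. A resend claim from a colleague's real address with no Reply-To trick is a question to ask them, while a brand display name on a webmail address plus a 24-hour deadline is enough to stop reading.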
Effects of clone phishing
Compromised accounts: The first and most dangerous effect of clone phishing is compromised accounts. Depending on how many contacts the compromised mailbox has, the same campaign can be sent on to hundreds or thousands more people, now from a sender they trust. This can start a chain of compromised accounts, and the damage can be done well before anyone notices.
Loss of reputation: If you're running a business and your email account gets compromised, you put your customers and employees at risk. "Our account was compromised" is little comfort to the people who were phished from it. By the time the damage is noticed, the hacker could have accumulated usernames, passwords, credit card information, trade secrets and more.
Downtime: A successful phishing attack on your business can halt operations, and that means significant downtime. Depending on the size of your business, this can be a loss of thousands of dollars per day, and it is even more damaging for a small business. A widely repeated (and disputed) statistic claims that most small businesses close within 6 months of a successful cyber attack; whatever the true figure, a small business has the least slack to absorb the loss.
Examples of clone phishing:
Invitation links: A common clone phishing attack uses invitation links. With the rise of remote work, employees get numerous invites for Zoom or VOIP calls, events and other commitments. Clone phishing exploits this by copying the invitation emails that are routinely sent in your organization and replacing the join link. The replaced link leads to a fake login page for the meeting service or for your company sign-on; credentials entered there give the attacker your account, which is then used to send the same invite to your contacts. Some arrive via social media direct messages instead of email. For example, on Instagram, the message may offer a link to get more followers; the link leads to a page that asks for your Instagram login, and entering it hands the account over.
Expiring credit: Companies often offer promotional credits as part of their marketing campaigns. Hackers clone these "your credit expires soon" emails because the template is familiar and the deadline pushes people to act. With this template, a single campaign can get thousands of consumers to click the link and type their credentials into a look-alike login page.
Time sensitive subject lines: Another common strategy used by clone phishing campaigns is time sensitive subject lines. Scarcity is a common tactic in email marketing, and clone phishing borrows it to pressure a person into clicking a malicious link. The subject line will often say you have a certain number of hours left before something happens. Treat a time-bound subject line as a reason to slow down and verify, not as a reason to act.
How to prevent clone phishing:
Read over email addresses: Most clone phishing attempts rely on display name spoofing because forging a domain that enforces SPF, DKIM and DMARC is much harder than typing a name. Look at the actual address, not just the display name; many mail clients, especially on mobile, hide the address behind the name until you tap or expand it. If the display name claims a company or a colleague but the address is a free webmail account or an unfamiliar domain, treat the message as hostile. Many organizations also tag mail from outside with an external-sender banner, which is a useful prompt to check the address. Although this is a manual process, it's a great first line of defense against clone phishing.
Avoid clicking on links and files: The first and easiest step you can take to avoid clone phishing is to avoid clicking on links and files in emails. The majority of businesses have their own set processes for collaborating on projects. If you have to follow a link, hover over it first: desktop clients show the real destination in the status bar, and mobile clients usually reveal it on a long press. Shortened URLs and redirect links hide the final destination, so treat those with extra suspicion. Safer still is to not use the link at all and instead open the service from a bookmark or by typing its address.
Educate employees: Your employees are your last line of defense for cybersecurity. If a cloned phishing email manages to bypass your business' security, your employees decide whether your business gets hacked or not. Taking simple steps like sending emails about phishing or requiring a brief phishing training annually can make a drastic difference in your cybersecurity. With a more educated workforce, you are far less likely to be susceptible to phishing attacks and other cybersecurity threats.
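The two checks above, comparing a new message against the one it claims to repeat and "hovering" over its links, can be automated. The following is an added example written for this page, not code from the original article or from any mail product. It extracts the visible text and the anchors from an HTML body with the standard-library `html.parser`, reports links whose visible text names a domain that the href does not go to, reports links to hosts outside a trusted set, and compares a suspect message to a known-good earlier one to show which links were swapped while the wording stayed identical. Both HTML bodies and the trusted host set are constructed for the example.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _Collector(HTMLParser):
    """Collects visible text and (href, anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.text = []
        self.anchors = []        # (href, visible anchor text)
        self._href = None
        self._anchor_text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._anchor_text = []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._anchor_text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._anchor_text).strip()))
            self._href = None


def parse_html(html: str):
    """Return (whitespace-normalised visible text, list of (href, text))."""
    p = _Collector()
    p.feed(html)
    p.close()
    return " ".join("".join(p.text).split()), p.anchors


def host_of(url: str) -> str:
    """Lower-cased host of a URL with a leading 'www.' removed ('' if none)."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def same_site(host: str, expected: str) -> bool:
    return bool(host) and (host == expected or host.endswith("." + expected))


# Something that looks like a domain inside the visible link text.
DOMAIN_IN_TEXT_RE = re.compile(
    r"(?:https?://)?(?:www\.)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})")


def inspect_links(html: str, trusted_hosts):
    """Return (href, reason) for every link a careful hover would reject."""
    _, anchors = parse_html(html)
    findings = []
    for href, text in anchors:
        host = host_of(href)
        m = DOMAIN_IN_TEXT_RE.search(text.lower())
        if m and not same_site(host, m.group(1)):
            findings.append((href, f"text shows {m.group(1)} but link goes to {host}"))
        elif not any(same_site(host, t) for t in trusted_hosts):
            findings.append((href, f"untrusted host {host}"))
    return findings


def detect_clone(original_html: str, suspect_html: str):
    """Compare a new message to a known-good earlier one.

    Returns (same_visible_text, swapped_links): the wording is identical and
    swapped_links pairs each original href with the href at the same position
    in the suspect message whenever the two point at different hosts."""
    orig_text, orig_anchors = parse_html(original_html)
    new_text, new_anchors = parse_html(suspect_html)
    swapped = [(o, n) for (o, _), (n, _) in zip(orig_anchors, new_anchors)
               if host_of(o) != host_of(n)]
    return orig_text == new_text, swapped


# Constructed sample bodies for the example (not real mail).
ORIGINAL = """<p>Hi Bob, your March invoice is ready.</p>
<p><a href="https://billing.acme.example/inv/1042">View invoice</a> or visit
<a href="https://www.acme.example/account">www.acme.example/account</a>.</p>"""

CLONE = """<p>Hi Bob, your March invoice is ready.</p>
<p><a href="https://billing.acme.example.portal-verify.example/inv/1042">View invoice</a> or visit
<a href="https://acme-example.login-check.example/account">www.acme.example/account</a>.</p>"""

TRUSTED = {"acme.example"}

if __name__ == "__main__":
    print(detect_clone(ORIGINAL, CLONE))        # (True, [two swapped links])
    print(inspect_links(CLONE, TRUSTED))        # two findings
    print(inspect_links(ORIGINAL, TRUSTED))     # []
```

The first swapped link shows the trick hovering is meant to catch: the hostname starts with the familiar `billing.acme.example`, but the registrable domain is `portal-verify.example`, so a glance at the left end of the URL is not enough; read it to the end.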
Tools and services you can use to prevent clone phishing:
Firewall: A firewall can be a great line of defense for your organization, but be precise about which one. A network firewall controls which connections reach your network; it does not read your mail. The product that filters who can send email to your business is a secure email gateway, sometimes marketed as an "email firewall". The gateway checks SPF, DKIM and DMARC on every inbound message and rejects or quarantines mail whose From domain fails authentication, scans attachments, rewrites or sandboxes links so they can be checked at click time, blocks known-bad senders, and can tag mail from outside the company with an external-sender banner. With a well-configured gateway, the vast majority of spam and phishing emails never reach your employees, which keeps them from clicking unsolicited links and attachments in the first place. It cannot catch everything: a clone sent from a contact's genuinely compromised account passes SPF, DKIM and DMARC, which is why the human checks above still matter.
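To make the gateway's decision concrete, here is an added example written for this page (not the logic of any real gateway product) showing how a receiving mail server consumes the `Authentication-Results` header it stamped on a message. It trusts only results carrying its own authserv-id, because a sender can forge an `Authentication-Results` header like any other header; it reads the domain's DMARC policy from a `(p=...)` comment in the style some providers use, which is a simplification since a real gateway obtains the policy from the domain's DMARC DNS record; and it treats the company's own and partner domains as always required to authenticate. The authserv-id, the enforced-domain set and the four headers are constructed for the example.

```python
import re

# method=result tokens as written in an Authentication-Results header.
AUTH_RESULT_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)", re.I)
# DMARC policy of the From domain, taken from a "(p=...)" comment (simplification).
DMARC_POLICY_RE = re.compile(r"\bp=(none|quarantine|reject)\b", re.I)


def parse_auth_results(header: str, own_authserv_id: str) -> dict:
    """Parse an Authentication-Results header into {method: result}.

    Only results stamped by our own gateway (the authserv-id before the first
    ';') are trusted; a header carrying any other identifier is ignored,
    because nothing stops a sender from adding one that says 'pass'."""
    authserv_id, sep, rest = header.partition(";")
    if not sep or authserv_id.strip().lower() != own_authserv_id.lower():
        return {}
    results = {m.lower(): r.lower() for m, r in AUTH_RESULT_RE.findall(rest)}
    policy = DMARC_POLICY_RE.search(rest)
    if policy:
        results["dmarc_policy"] = policy.group(1).lower()
    return results


def gateway_verdict(header: str, own_authserv_id: str, enforced_domains, from_domain: str) -> str:
    """Map authentication results for an inbound message to a gateway action."""
    results = parse_auth_results(header, own_authserv_id)
    dmarc = results.get("dmarc")
    if dmarc == "pass":
        return "deliver"
    if dmarc == "fail":
        # The From domain publishes a policy and the message failed alignment.
        policy = results.get("dmarc_policy")
        if policy == "reject":
            return "reject"
        if policy == "quarantine":
            return "quarantine"
    # No usable DMARC verdict: the domain has no policy, failed under p=none,
    # or the header was absent or not ours.
    if from_domain.lower() in enforced_domains:
        # Our own and partner domains must always authenticate; anything
        # claiming to be them without proof is treated as a spoof.
        return "quarantine"
    if results.get("spf") == "pass" or results.get("dkim") == "pass":
        return "deliver"
    return "deliver-with-external-warning"


# Constructed example data (assumed identifiers, not real mail logs).
OWN_ID = "mx.acme.example"
ENFORCED = {"acme.example", "bank-partner.example"}

PASSING = ("mx.acme.example; spf=pass smtp.mailfrom=acme.example; "
           "dkim=pass header.d=acme.example; dmarc=pass (p=REJECT) header.from=acme.example")
SPOOFED = ("mx.acme.example; spf=fail smtp.mailfrom=acme.example; dkim=none; "
           "dmarc=fail (p=REJECT) header.from=acme.example")
MONITOR_ONLY = ("mx.acme.example; spf=softfail smtp.mailfrom=widgets.example; dkim=none; "
                "dmarc=fail (p=NONE) header.from=widgets.example")
# A header the sender added themselves, hoping the gateway believes it.
FORGED = "mx.attacker.example; spf=pass; dkim=pass; dmarc=pass header.from=acme.example"

if __name__ == "__main__":
    for name, hdr, dom in [("passing", PASSING, "acme.example"),
                           ("spoofed", SPOOFED, "acme.example"),
                           ("monitor-only", MONITOR_ONLY, "widgets.example"),
                           ("forged", FORGED, "acme.example")]:
        print(name, "->", gateway_verdict(hdr, OWN_ID, ENFORCED, dom))
```

The `MONITOR_ONLY` case is the one worth noticing: a domain that publishes `p=none` has asked receivers not to act on failures, so a clone spoofing that domain still gets delivered unless your gateway adds its own rules. Moving your own domain to `p=quarantine` and then `p=reject` is what stops other people's gateways from accepting mail forged in your name.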
Managed service provider: A managed service provider is a third party company that handles all of the IT and technical needs of your business with a subscription model. This includes the cybersecurity of your business and managed service providers take a variety of measures to prevent phishing attacks from occurring. This can be a great service to use if your business does not have IT staff and you don’t want to spend time dealing with cybersecurity issues for your business.
Phishing simulation: Conducting a phishing simulation for your employees can be the most impactful way to avoid phishing attacks. Although employees hear about the dangers of phishing, they often cannot recognize a real phishing email when it lands in their inbox. There are cybersecurity companies that offer phishing training and simulation for businesses.
With phishing simulations, your employees see what phishing emails really look like, and a few training exercises can help them identify and avoid the vast majority of phishing attempts. Running a simulation or training once per year is the minimum; shorter, more frequent exercises keep recognition fresh, and the clone-style simulation (a copy of an email your staff actually receive, with the link swapped) is the one most worth running.
Phishing response service: If your business was a victim of a successful phishing attack, it's vital to use a phishing response service to mitigate the damage. There are many types of providers that handle phishing related issues, but a phishing response service is your best option because you'll work with experts who handle phishing attacks all the time.
The faster you engage them, the easier it will be to get back to normal operations. The service will work with you to back up your data, restore any lost files and make sure the incident is handled properly: resetting the compromised credentials, revoking active sessions and app tokens, removing any forwarding or auto-delete rules the attacker added to the mailbox, and warning the contacts who received the clone so the chain stops with you.