
Clone phishing can trick even the most cautious users


A new type of phishing, clone phishing, has recently started to emerge, and it can trick even the most cautious users.

Clone phishing is a scam where a cyber criminal replicates a legitimate email or website to trick the victim into giving personal information. The cloned email looks almost the same as the original and contains legitimate details, making clone phishing more difficult to spot than other phishing attacks.

A survey by NordVPN showed that 84 per cent of users had experienced social engineering behaviour in the past, and more than a third of them had fallen victim to phishing email scams.

“Even though users learn and become more cautious every time they experience a cybersecurity issue, criminals don’t make it easy by constantly developing new techniques to target people. Clone phishing attacks take phishing to the next level because the emails are usually highly personalized and replicate something that a victim received in the past,” Adrianus Warmenhoven, a cybersecurity expert at NordVPN, said.

First, the attacker intercepts a message sent to a user from a legitimate source (e.g., a bank, client support service, money transfer site, or employer). Attackers may use various techniques to intercept emails, including DNS hijacking. A hacker won’t always need to intercept emails to carry out clone phishing attacks. However, if they do, these clone emails become much more difficult to spot because they look just like the original. 

After that, a scammer creates a replica of the email and sends it to the victim, urging them to take action. Scammers want their victims to act quickly, so phishing emails always sound urgent. You may see common social engineering tactics like asking users to change their passwords or provide other sensitive data because their account has been ‘compromised’. It’s also common for clone phishing scams to contain a malicious link that a user can click thinking they’ll access a legitimate website.

The victim opens the email, believing it to be from a legitimate source. They may open an attachment (e.g., a PDF document) that instantly installs malware on their machine and provides cybercriminals access to their sensitive information. Or they may click on a link included in the email and be redirected to a malicious site, allowing attackers to steal their information.

“Spotting clone phishing attacks can be tricky, especially if the scammers have a lot of experience in creating cloned emails. However, you can take several steps to reduce the likelihood of falling victim to this social engineering attack,” Warmenhoven said.

Check the sender’s email address. Before you click anything or reply to the email, make sure the sender’s email address is legitimate. Clone phishing attempts often come from email addresses that resemble the original. However, they may have additional full stops, dashes, symbols, or other subtle differences. Check the sender’s email address carefully to ensure it’s from a legitimate source.

Don’t click on links. Avoid clicking on links unless you’re absolutely sure the email isn’t a scam. The email may contain links that redirect you to a malicious website where scammers can steal your personal information. Only click on links and buttons after you’ve confirmed that the email is safe.

Use spam filters. Spam filters are helpful if you receive a lot of emails daily. These filters analyse the content of every email and identify unwanted or dangerous messages. While they won’t always spot a cloned email, using them in addition to other measures is a good idea.
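
The sender-address check from the tips above can be partly automated in a mail filter. The following is an added example, not code from NordVPN or the original article: it compares the From address against a list of senders the recipient already deals with and flags addresses that differ only by extra full stops, dashes, symbols or a swapped character. The addresses, function names and the 0.85 similarity threshold are assumptions made for illustration.

```python
import difflib
from email.utils import parseaddr

# Constructed allow-list of senders the recipient really corresponds with.
TRUSTED_SENDERS = {"alerts@examplebank.com", "support@examplepay.com"}


def skeleton(address):
    """Lower-case the address and drop dots, dashes and other symbols,
    which are the characters a cloned sender address tends to add."""
    return "".join(ch for ch in address.lower() if ch.isalnum() or ch == "@")


def classify_sender(from_header, trusted=TRUSTED_SENDERS, threshold=0.85):
    """Return (verdict, trusted_address) where verdict is one of
    'trusted', 'lookalike' or 'unknown'."""
    # Ignore the display name: only the real address counts.
    _, addr = parseaddr(from_header)
    addr = addr.lower()
    if addr in trusted:
        return "trusted", addr

    best, best_score = None, 0.0
    for known in sorted(trusted):
        # Same address once punctuation is removed: a clear imitation.
        if skeleton(addr) == skeleton(known):
            return "lookalike", known
        # Otherwise measure how close it is (catches 'l' -> '1' swaps).
        score = difflib.SequenceMatcher(
            None, skeleton(addr), skeleton(known)).ratio()
        if score > best_score:
            best, best_score = known, score

    if best_score >= threshold:
        return "lookalike", best
    return "unknown", None


if __name__ == "__main__":
    # Constructed sample From headers.
    for header in ("Example Bank <alerts@examplebank.com>",
                   "Example Bank <alerts@example-bank.com>",
                   "Example Bank <alerts@examp1ebank.com>",
                   "Shop News <news@othershop.org>"):
        print(header, "->", classify_sender(header))
```

A "lookalike" verdict is a reason to quarantine the message or warn the user; it does not replace confirming with the company through a separate channel.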

Clone phishing emails are not dangerous until you click the links or files they include. So the general recommendation is not to rush into trusting everything you read in your email inbox. It is always safer to double-check with the company that is emailing you and contact them by phone before you provide any personal information or click on the links in your emails.
