Clone Phishing is when hackers produce fake, nearly identical copies of legitimate, trusted emails from trustworthy sources to lure targets into unknowingly giving away their private data. These spoofed emails often have a subject heading that looks like it belongs to the original sender but carries a number of suspicious signs. For example, it may be written from the name of “Dear sender” and contains “from” instead of “to.” Also, the sender’s email address may be completely different than the one linked in the email chain.
To effectively protect yourself against Clone Phishing, you must first understand what it is and how it works. Before this, however, we need to put some context into the mix. Strictly speaking, “Clone Phishing” is when cybercriminals create specific emails that appear to be sent from you or to you but are actually sent from someone else with an intention of causing personal harm. This includes but is not limited to, phishing for financial gain, open-source software, credit cards, confidential business information, and more.
The most common goal of clone phishing attacks is to obtain access to an individual’s personal information. To do this, the perpetrator breaks out of his or her victim’s firewall by sending repeated fake emails. As you may know, these types of emails always contain a signature that states something like” Updated Version,” “For your information,” or “Moved Past This.” As you may well expect, if you receive this type of email more than once, you are likely to have been the victim of a phishing attack. The attacker’s goal is to get you to open the link provided or to follow an internal link within the email that will automatically take them to a fraudulent website where they can obtain important information from you.
In addition to impersonating a legitimate sender, clone phishing works to cover up another common but illegal method – tricking the recipient into clicking a link. It has long been illegal to conduct link harvesting from emails, because in essence the act of tricking the recipient into opening a link could constitute a criminal offense. However, it is possible to spoof email messages to seem as though they came from a legitimate sender, thereby making it more likely that the reader will click on a link. Because these messages are typically encrypted, this is a much less visible way to get into your computer.
Many people who are caught in this type of email phishing attack end up having their computers hacked due to a link that was included in the email itself. What is unfortunate is that many of these hackers who gained access to the target’s personal information did so without the knowledge or consent of the recipient. What makes it particularly disturbing is that it takes only one “click” for the hacker to gain access to everything that you have stored on your computer. Once this has been accomplished, it becomes much easier for this personal information to be used against you in a variety of malicious ways.
There are two major types of phishing emails. The first, known as spoofing, does not require an actual entity to sign up in order to start sharing your information. All that is necessary is for the person sending the emails to create a fake email account with the same address as an actual organization or business. The second, known as spear phishing, requires the sender to insert some sort of executable program into the email that the recipient is directed to. When the computer reads the embedded code and executes it, the malware performs a number of different activities which can include the takeover of the target’s system and the installation of a number of different types of malware onto the system.
Since clone phishing attacks do not require a sign-up, they are very commonly used by cybercriminals. For example, if someone emails a link to a bogus website that promises big savings at some point in the future, there is a high chance that the recipient will click on the link in order to gain access to the great savings. Even more common, the user might be asked to download something – such as a freeware application – which may have a virus attached to it. Once, the user downloads and installs the freeware application, the hacker then has full control of the system. Since the application has been placed on the computer by a third party, it has the ability to cause all kinds of damage to the PC.
In order to protect yourself from these attacks, you need to make sure that you don’t provide any personally identifying details through your business email compromise strategy. Businesses should never use their own email accounts as the means of communicating with customers or clients. The hacker could intercept this communication and use it against you. Cloning phishing attacks, when carried out by a sophisticated attacker, is a very real and worrying threat to most businesses today – regardless of how safe you think your web communications are.