What is the Risk of Website Cloning and Clone Phishing Attacks?

Website cloning combined with clone phishing builds on existing email phishing and credential harvesting, adding new creative ways for hackers to get suspicious emails past email filters.

Powered by a next-generation cloud-based email filtering solution, Trustifi helps clients address the need to protect against website cloning and clone phishing.

The Threat of Website and Email Cloning Is Becoming a Big Global Problem

According to a study by Deloitte, email phishing continues to be the source of over 91% of all data breaches.

The risk of these aggressive tactics warrants every organization considering a move from its current email security strategy to an AI-powered cloud solution. The risk of clone phishing requires more proactive measures beyond essential continuous monitoring and reactionary email security.

These additional hacking techniques add complexity, including the use of stolen content from the original message embedded in the email thread. After harvesting login credentials and gaining access to their victims’ email accounts, hackers extract specific messages from the initial email, including malicious attachments and links, to execute their clone phishing attempt.

Security operations (SecOps) teams and email administrators continue to look for ways to shore up their email defense strategies to deal with new business email compromises caused by clone phishing emails and other fake emails.

What would be the risk to the organization if it decides to stay on existing secure email gateways (SEGs) and non-AI-powered solutions?

What is Website Cloning?

The idea behind website cloning originates in domain impersonations of well-known brands, including Google, Apple, and Forever21.

This attack method takes content from legacy websites and mimics every website detail, including a link for users to “fill out” to receive more information.

Hackers use several common attributes in their attack sequence, including:

  • Lookalike domains: www.google.com – www.readysupport-google.com
  • Image capturing from the existing legitimate page.
  • Login screen in the same position as the legitimate website (credential harvesting)

How do hackers connect with their victims?

What is Clone Phishing?

Like website cloning, hackers take portions of content from stolen email messages to contact their victims. Often, email phishing starts with well-crafted initial messages. Clone email phishing takes actual content and creates a “reply” message instead of making an initial message. This clever tactic has bypassed many legacy email gateways because the message reads like a conversation already in progress, including actual content that lived in a previous message.

Here is an example of a clone phishing and website cloning message.

Subject: Reply – Additional Information Request

Mary (Spear phishing attack),

Thank you for the reply. If you can log in to your account, you will see the most current mortgage rates and a link to your application.

To access our VIP portal, please click here and log in with a username and password. (The hacker inserts a fake domain and message, including a link to a cloned website). You should receive a notification email (scam email with a suspicious link) with your complete application and closing instructions.

Thank you again for the opportunity to help you with your home loan. If you need anything, please contact me on my number (social engineering) at 769-123-6543 (Hacker’s ghost phone) anytime.

Stephen

Most email filtering solutions will scan this message and see legitimate communications. Hackers monitor the rogue links and their ghost phones to see if the potential victims click on the malicious login link or call the number provided.

What Should Users Look For When Dealing with Website Cloning and Clone Phishing?

Not every hacking technique or malicious activity is perfect. Users should watch for things that just look out of place. Cloned websites often have missing pictures or display different fonts. Usually, the users’ initial reaction comes down to trusting their instincts and choosing not to click on the phishing link or reply again to a possible fraudulent email.

Here are some tips for users if they suspect a clone phishing or website clone attack.

  • Users who attempt to log in to a known website and receive an “incorrect password or username” error should realize something is wrong, particularly if the same credentials work on other websites.
  • While this nuisance does happen, users should still know that whenever an email asks them to click on a link to enter their credentials, or they are redirected to another website, they should check the domain to ensure this is the expected landing page.
  • If you have landed on a website that looks different from before, this is a cloned website. You should close your browser and report the email as a phishing attack to your SecOps team.
  • Users should complete their organizations’ security awareness training to better prepare for these phishing attacks.
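
The domain check from the tips above, applied to the lookalike pattern listed earlier (www.google.com versus www.readysupport-google.com), can be automated. The following is an added example, not Trustifi's code or part of the original article; the brand allow-list, the function names and the sample email body are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed allow-list: brand keyword -> registrable domain the brand really uses.
BRANDS = {"google": "google.com", "apple": "apple.com"}

def registrable(host):
    """Last two labels of the host. Assumption: no multi-part suffixes such as
    .co.uk; production code should consult the Public Suffix List."""
    return ".".join(host.rstrip(".").split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return (verdict, brand): 'legitimate', 'lookalike' or 'unknown'."""
    host = (urlsplit(url).hostname or "").lower()
    reg = registrable(host)
    for brand, real in BRANDS.items():
        if reg == real:
            return "legitimate", brand
    tokens = re.split(r"[.\-]", host)
    label = reg.split(".")[0]
    for brand in BRANDS:
        # Brand name used as a token outside the brand's own domain,
        # e.g. readysupport-google.com, or a one-character misspelling of it.
        if brand in tokens or edit_distance(label, brand) == 1:
            return "lookalike", brand
    return "unknown", None

def scan_email(body):
    """Classify every http(s) link found in a plain-text email body."""
    urls = [u.rstrip(".,") for u in re.findall(r"https?://[^\s<>\"')]+", body)]
    return {u: classify(u) for u in urls}

# Constructed sample body modelled on the example message earlier on this page.
SAMPLE = """To access our VIP portal, please log in here:
https://www.readysupport-google.com/login
Your account settings remain at https://accounts.google.com/."""

if __name__ == "__main__":
    for url, verdict in scan_email(SAMPLE).items():
        print(verdict[0], url)
```

The one-character spelling check is a heuristic and will occasionally flag unrelated domains, so its verdicts are best treated as a reason to inspect a link, not as proof of cloning.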

What is the Role of Trustifi’s Cloud-Based Email Security Platform?

A considerable portion of stopping website cloning and clone phishing starts with an email security platform that understands how to dissect an attack, looking for several components within the kill chain, not just inside the message.

Trustifi’s cloud-based AI-powered consolidated platform leverages several filtering engines, DMARC, and website reputation, and analyzes every link embedded within the message to determine if it is malicious. Based on this advanced email protection strategy, Trustifi’s solution knows how to identify and quarantine clone phishing that could lead to credential harvesting and ransomware.

Why Trustifi?

Trustifi offers consolidated solution pricing to support the small and midsize enterprise marketplace. Trustifi requires fewer security operations, time allocation, and management resources.

Trustifi’s agile platform offers several proven security controls to help prevent the following attacks:

  • Next-Gen Clone Phishing: Trustifi uses AI, feeds, and proprietary metrics to detect and quarantine malicious emails, URLs, and files that aim to steal the recipient’s data.

  • Website Cloning and Domain Impersonation: Trustifi’s advanced email security platform detects and tags the impersonation of the recipient’s contacts to ensure safe correspondence with a genuine connection. Also, it can identify actual emails from a brand.
  • Credential Theft – Account Takeover: Trustifi has unique metrics to detect malicious emails even when they come from a known contact or an allow-listed sender.
