
Email phishing has become a group of attacks rather than a single threat vector within business email compromise. Hackers alter their attack vectors to stay ahead of the organization’s SecOps teams. Spear phishing, angler, whaling, and clone phishing are all types of phishing attacks. Next-generation phishing attacks challenge SecOps teams on a new level, and clone phishing is a category of email attack in its own right.

Background of clone phishing attack

Many phishing attacks focus on the entire organization, an individual, or maybe a specific department like accounts payable or payroll. Some phishing attacks focus on high-level executives down to an intern. What would be an accurate clone phishing definition? 

Clone phishing is an attack method that uses previously sent email content disguised as a new malicious message.

Clone emails often take previously sent legitimate emails and copy them verbatim. In the original email message, the sender’s tone may have been more professional, detail-oriented, and open to assistance than in the malicious version. Clone phishing emails tend to carry a sense of urgency, and they usually contain grammatical errors. A changed tone within the email should indicate that this is not the legitimate sender, so it might be a fake email.

If the original message has some URLs, the hackers will change these to point to their fake website. Many clone phishing messages will stop referring to you as Mr. Smith or Mrs. Williams (a usual practice in official emails or text messages). The hacker will use your real first name to sound more convincing and legitimate.

How to tell clone phishing from genuine emails

What are some clone phishing examples? When a user receives a clone phishing email, the message could reflect on a previous topic or a corporate announcement. Hackers will copy content from a legitimate email and alter various elements to create a clone attack in an attempt to trick users into revealing sensitive data. The cloned email could reference the actual sender in the previous message.

“John,
Thank you again for your response to the stock buyout option. Below is my original message. I asked if you could link your stock grants to our broker account website. I have noticed you have not completed this task. The deadline has passed. However, I will make an exception; please go ahead and click here http://updatemystokc.com, and input:

  • Your home address (Flag – your organization already has your home address)
  • Your social security number (Flag – your organization already has your social security number)
  • Your mother’s maiden name (Flag – this is the answer to a security question you select)
  • Your bank account number, including bank routing number (Flag – your company payroll already has this)

Once you input your information, I will care for everything for you!

Signed,

Your friend, Frde” (Flag – misspelling)

Learn what to do in case of a clone phishing attempt

Using the email example above, let’s review what parts of the message should set off a warning flag:

  • The first step – ask yourself, “Did I receive this stock grant email message before?” If not, this is a clone phishing attack.
  • If you did receive an original email, look through your inbox. Compare the sender’s and receiver’s email addresses in both messages; do they match? If not, this is a clone phishing attack.
  • Did the original email have a link to update your personal information? Do these URLs match? Notice the misspelling in the latest URL, http://updatemystokc.com – this is a clone phishing link attack. You should never click on such a malicious link.
  • If the sender’s email message asks for your mother’s maiden name, this is a phishing attack. Hackers expect to be asked this question when they attempt to impersonate you on other sites.
  • Who was the original person that contacted you? Fred or Frde? If the original sender was Fred, this is a clone phishing email. Always double-check these details if you don’t want to fall victim to this type of attack.
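
The sender and link comparison from the checklist above can be automated once the original message is at hand. The sketch below is an added example, not part of the original article or any vendor product; the sample addresses, the spelling of the original link, and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed samples. Only updatemystokc.com comes from the article; the
# addresses and the original link's spelling are assumptions for illustration.
ORIGINAL = """From: Fred <fred@corp.example>
Subject: Stock buyout option

John, please link your stock grants at http://updatemystock.com today.
"""
SUSPECT = """From: Frde <fred@corp-mail.example>
Subject: Stock buyout option

John, please go ahead and click here http://updatemystokc.com, and input:
"""

URL_RE = re.compile(r"https?://[^\s<>\"')]+")

def link_hosts(raw):
    """Hostnames of every http(s) link in a plain-text message body."""
    body = message_from_string(raw).get_payload()
    hosts = (urlsplit(u.rstrip(".,;")).hostname for u in URL_RE.findall(body))
    return {h for h in hosts if h}

def sender(raw):
    """Lower-cased address from the From header, display name dropped."""
    return parseaddr(message_from_string(raw)["From"])[1].lower()

def edit_distance(a, b):
    """Levenshtein distance; a swapped letter pair such as 'kc'/'ck' costs 2."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def clone_flags(original, suspect):
    """Warning flags raised by comparing a suspect message with the original."""
    flags = []
    if sender(original) != sender(suspect):
        flags.append(f"sender changed: {sender(original)} -> {sender(suspect)}")
    known = link_hosts(original)
    for host in sorted(link_hosts(suspect) - known):
        near = sorted(h for h in known if edit_distance(host, h) <= 2)
        flags.append(f"lookalike link host: {host} (original: {near[0]})" if near
                     else f"new link host: {host}")
    return flags
```

An empty list means the sender address and link hosts match the original; it does not prove the message is safe, since a clone can also swap an attachment or reuse a compromised account.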

Now that we’ve seen what clone phishing is, what steps can users and organizations take to prevent clone phishing attacks?

Stopping phishing messages requires more than just technology. SecOps teams and corporate users need to exercise good cybersecurity governance to prevent a successful phishing attack. Phishing scams will happen. Hackers keep using a variety of phishing attempts because, at some point, a user will accidentally click on a malicious link buried inside an email message.

What can users do to help stop these attacks from impacting the organization?

  • Complete all security awareness training and practice what you learn.
  • If a message sounds too good to be true, it probably is. Mark it as spam and delete the message.
  • Before you click on any link inside your email, hover your mouse over it to see the URL. Look for misspelled words. Ensure the link goes to a website that matches the sender’s email address.

Remember that all phishing techniques will change in time. Users should expect any form of phishing attack to happen each day.

Call to action – the impact of cyber attacks

According to the latest report from IBM on the cost per breach, “data breach costs rose from USD 3.86 million to USD 4.24 million, the highest average total cost in the 17-year history of this report.”

With the rise of cyberattacks on the firms’ databases, services, networks, and bank accounts, assessing a company’s cybersecurity posture and risk capacity before hackers do is crucial for every business. One security breach involving credential theft can cause the permanent loss of clients’ and stakeholders’ trust and, in some situations, can even lead to bankruptcy.

Enabling email security is critical to preventing financial information leaks and brand damage to the organization. Companies should also educate users to tell spoofed or cloned emails from legitimate ones.

Enabling email security services from Trustifi

To prevent a clone phishing scam, Trustifi’s Inbound Shield imposes a layer of protection between your email system and the outside world. Using Artificial Intelligence (AI) and dynamic engines, Inbound Shield readily identifies and blocks suspicious inbound phishing emails. In addition to scanning and eliminating malicious email content, the Inbound Shield looks for a host of anomalies, including:

  • Imposters sending cloned emails from falsified domains.
  • Requests for money transfers and sensitive information (banking account information and other sensitive data).
  • Links to impersonated websites.
  • Attachments containing executable code snippets, SQL injection strings, and the like.

These filtering processes take milliseconds to run and can even detect unprecedented zero-day malware, voice phishing and barrel phishing attacks.

    Trustifi provides advanced protection against cyber threats to an organization’s email system. Trustifi features the Inbound Shield that acts as an email filter. As soon as Trustifi’s Inbound Shield is deployed to your company’s email system, sophisticated AI software begins scanning every email received by your server. Each incoming email is placed in a sandbox where Inbound Shield’s multi-layered detection inspects everything about the email, including sender addresses, email subject line, content, links, and attachments. An email must pass all tests at each layer to be deemed safe.

    Trustifi leverages its world-class cloud-based email security platform to protect your organization from spear phishing campaigns and clone phishing attacks.

    Their system leverages several protection strategies, including:

    • Email Content and Headers
        • AI detects and classifies BEC, VEC attacks, Spam emails, and GRAY emails.
        • Header analysis detects spoofing and impersonation techniques.
    • Links – Advanced Methods to Catch the Most Sophisticated Phishing Sites
        • Deep analysis based on content, metadata, and domain reputation.
        • Proprietary method to catch zero-day phishing sites.
    • Files – Deep Scanning
        • Detects and neutralizes malicious code, malicious content and links inside files.
        • Searches zipped and archived files.
        • Sandboxes all messages until they are determined safe.


    Trustifi is a cyber security firm featuring cyber defense solutions delivered on a software-as-a-service platform. Trustifi leads the market with the easiest to use and deploy email security products, providing both inbound and outbound email security from a single vendor.

    As a global cybersecurity provider of both inbound and outbound email protection, Trustifi currently supports customers from countries including the USA, Canada, Brazil, the Dominican Republic, the UK, the Netherlands, India, the UAE, China, Japan, Cyprus, the Philippines, and more. The company has also developed “One-Click Compliance” capabilities that cater to world security regulations, including PDPO for Hong Kong, POPI for South Africa, GDPR for Europe, and LGPD for Brazil.

    Request A Demo: Trustifi: Email Security Solutions

    Whether you’re looking for an extra layer of protection in your existing email environment or a complete suite solution, the expertise and simplicity Trustifi offers will exceed your expectations. Let’s discuss a customized email security plan that fits your needs perfectly.
