What Is Clone Phishing? Definition, Examples, and Prevention Measures

Cybercriminals are using phishing attacks to spread malware and other online threats. But as we get smarter and more educated in blocking their efforts, new types of attacks are constantly invented. That is why hackers are now using clone phishing to steal our money and data.

Clone phishing is a more sophisticated type of cybersecurity attack that can be harder to detect. It relies on our habit of communicating faster when we do it online. And adds a feeling of urgency or impersonates an authority to trick you. In consequence, you must stay informed if you don’t want to be the next victim.

In this article, we will define what clone phishing is, explaining how it works and how you can stay protected.

The Definition of Clone Phishing

Clone phishing is a type of cyberattack in which the attacker clones or replicates a legitimate email with the purpose of spreading malware. Hackers do this by intercepting the message and then modifying it before sending it to victims. The phishing email now contains a malicious attachment, or link (that can just replace a previously existing legitimate one).

Targets are tricked by clone phishing messages because they seem to come from a trusted organization or business. In reality, hackers can use spoofed emails to fake legitimacy. Such emails may appear sent by a client support service, your bank, or other entities that use mass messaging. Once you click on the malicious link, threat actors have access to your contacts and are able to further propagate the attack.

Other types of phishing are:

• spear phishing
• barrel phishing
• whaling phishing
• smishing

How Clone Phishing Works

This type of cyberattack is spreading especially because it is so efficient. Even a trained eye can sometimes miss the signs of a scam message.

The way this cyberattack works is easy to understand and relies on our distraction. Here are the steps:

• The scammers choose a well-known brand to impersonate. They can create a similar email address and even a fake website, using the brand characteristics. The goal is to win the target’s trust.
• A clone phishing email is sent to a large number of individuals. The message will contain a malicious element and will resemble the original communication with the brand.
• If the victim follows the instructions from the mail, he/she can download malware or be redirected to malicious websites.
• The scam can require the victim to type in personal information. This is how cybercriminals steal data without you even realizing it.
• Once the victim gives away the data, cybercriminals can use it in vicious ways.

Examples of Clone Phishing

Cybercriminals can use different tactics to make you “bite” the bait. They can use:

• An email message “spiced up” with malicious links and attachments. The text of the message persuades you to click on the malicious elements.
• A spoofed email that makes you think that it comes from a legitimate source, so you have to check it out.
• A re-sent email with a fake update or last-minute change. This is a legitimate message, slightly modified to contain the bait.

A typical example of clone phishing is an urgent email from the customer support of a trusted and widely used company, like PayPal, Amazon, etc. The email will have a sense of urgency, requiring you to log into your account “Now” or “Immediately”. The aim is to make you click the malicious link without thinking too much. This way, cybercriminals manage to collect data like credentials or credit card details.

A fake virus alert looks like an email that comes from Microsoft or Apple. It will announce to the user that the device is infected and will provide a link to download the antivirus. Needless to say, the download is malware and not an antivirus.

A refund scam will claim that you are eligible for a refund. The email, allegedly coming from a popular website, will ask for your personal or banking information before giving you the prize.

Other common clone phishing emails are limited time offers and messages that seem to be an update to a previous communication. Sometimes you can receive the “updated” email in a matter of minutes after the original message.

How to Spot Clone Phishing Attacks

Like always, knowledge is the best defense. In order to avoid the unpleasant consequences of an attack, you have to learn to recognize it.

Here are a few signs that can give away a phishing email:

• The message contains grammatical or spelling errors.
• The sender’s address resembles a legitimate one but has a slight difference (a missing sign or letter, for example).
• The text of the hyperlink and the URL do not match.
• The email domain does not match the name of the company the cybercriminals try to impersonate.
• It urges you to do something that may involve your login credentials, credit card details or other personal information.

How to Prevent Clone Phishing Attacks

Here you can read a few cybersecurity measures meant to keep you safe from cybercrime. By using them you can save your data and your money from cybercriminals.

The prevention measures include:

• Pay extra attention to the sender’s address and name to make sure it is a legitimate one.
• Ignore messages that seem too good to be true. For example: messages that promise you a high price or an unrealistically good offer.
• Use an anti-spam software to filter your emails.
• Before clicking anything suspicious, check with the organization that sends you the message to confirm that is a real one.
• Do not overshare your email and contact information.
• Scan attachments for malicious code or viruses before opening them.
• Implement cybersecurity training for your organization’s employees so they will be able to recognize a phishing email.
• Use websites with the HTTPS prefix on their URL.

How Can Heimdal® Help?

The vast majority of clone phishing attacks are delivered via email, that’s why Heimdal Email Security is a necessary addition to your spam filter.

It is a ground-breaking malware protection system that safeguards your digital communications with more security vectors than any other platform on the market. Lightweight and simple to set up, it includes cutting-edge spam filtering that detects and removes malicious attachments, screens through infected IPs and domains, and recognizes malicious links.

You can pair it with Heimdal Fraud Prevention to fill all the gaps in your email security. Your phishing protection will be significantly improved with over 125 vectors and a live monitoring team at your disposal.

Email is the most common attack vector used as an entry point into an organization’s systems.

Heimdal® Email Security

Is the next-level email protection solution which secures all your incoming and outgoing comunications.

• Completely secure your infrastructure against email-delivered threats;
• Deep content scanning for malicious attachments and links;
• Block Phishing and man-in-the-email attacks;
• Complete email-based reporting for compliance & auditing requirements;

Try it for FREE today 30-day Free Trial. Offer valid only for companies.

Wrapping Up…

Phishing is one of the most widely spread forms of cyberattacks. As research shows, 90% of security breaches in businesses are the result of a phishing attack. This is why is imperative to stay up to date with every type of scam and threat, like clone phishing.

Knowing what to expect, offers you the opportunity to be prepared and to protect your organization. And remember, if something seems fishy, probably is!

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.

Andreea Chebac

Digital Content Creator

Andreea is a digital content creator within Heimdal® with a great belief in the educational power of content. A literature-born cybersecurity enthusiast (through all those SF novels…), she loves to bring her ONG, cultural, and media background to this job.