What is Clone Phishing?
Table of Contents
- By Bryan Lee
- Published: Nov 04, 2022
- Last Updated: Nov 08, 2022
For most people, the internet is a poorly guarded vault holding all their personal data. Cybercriminals are constantly creating new ways to bypass security and steal that information.
The cyberterrorism represented in movies has a lot of flash. Long strings of numbers arc across the screen as the genius hacker works their magic. But the truth is that most attacks don't require much skill—just a moment of inattention or laziness from an individual.
Phishing and other social attacks make up an overwhelming majority of all cybercrimes. Clone phishing is among the most believable phishing strategies that criminals use.
What is Clone Phishing?
Clone phishing is a phishing attack that uses email messages to trick users into giving up sensitive information. These emails include links that automatically install malware when clicked and appear nearly identical to official emails sent by specific organizations. Victims unwittingly click the links believing they're communicating with a trusted and legitimate source.
High-effort clone phishing scams will even recreate entire websites and social media pages to trick their victims. These spoofed sites are indistinguishable from legitimate ones and aim to steal the target's login credentials.
It's also sometimes called "brand spoofing" or "social engineering"—as opposed to technical attacks—because it relies on humans being tricked rather than computers being hacked.
Clone Phishing Examples
In 2015, a series of phishing attacks targeted Star Wars fans who were excited about The Force Awakens. The emails impersonated popular Star Wars-themed social media groups and leveraged fans' desperation to get tickets. It didn't help that tickets were selling for $100/each with multiple months left before the movie’s release.
A commonly used example of clone phishing email tries to imitate banks or financial institutions. The email security company, Vade, found that over a third of phishing URLs pretended to come from financial services. The message typically mentions some suspicious activity or security breach that requires immediate action. The hope is to use people's financial fear to force them into making a hasty decision.
Similar strategies are used under the guise of social media sites, government agencies, and trusted retailers. Clone phishing is an increasingly dangerous psychological attack as scammers learn more about each individual.
Recognizing a Clone Phishing Email
Recognizing a cloned email from a legitimate one isn't always easy. It takes a lot of energy to remain vigilant at all times, but luckily, detecting a phishing attack is mostly intuition. So, knowing the warning signs goes a long way in protecting yourself.
Grammatical Errors
Phishing clones do their best to mimic the language and professionalism of trusted organizations, but that isn't always possible. Artificial intelligence programs even write emails for some scams, so the quality can vary widely depending on its sophistication. Carefully read your emails, and don't give the sender the benefit of the doubt when it comes to spelling issues.
Unfamiliar Email Address
Anyone who has made an email account knows that most names are hard to get. There are probably over ten thousand "John.Smith" email address variations. Providers don't allow duplicates, so scammers have to settle for the next best thing. They'll use similar-looking characters in place of others to emulate the official email. An easy and hard-to-catch example is replacing a lowercase "L" with an uppercase "I."
Ordering Urgent Action
Emails that play on a target's sense of urgency are the easiest to spot and should be treated with the utmost caution. Frequent scare tactics threaten punitive actions like account closures, financial loss, or identity fraud. Despite how shady this sounds, the anxiety they create forces many people to ignore their suspicions and take hasty action.
How to Avoid Clone Phishing
The easiest way to avoid clone phishing scams is to never interact with suspicious emails. However, there's always a chance that we're wrong. Maybe that email truly was a warning from the bank about suspicious activity.
Sometimes we need to act, but that doesn't mean blindly clicking on every link that pops up. The increased security features of anti-malware and email providers provide many options to keep ourselves safe.
Confirm URLs
This precaution is similar to checking the sender's email address, but it takes a little more effort due to how complicated some URLs can be.
Just like email addresses, there are no websites with the same address. Scammers will change a small part of it and keep the rest the same. Some common changes include switching the top-level domains (.com, .org, .net) or using "HTTP" instead of the more secure "HTTPS."
If you've already clicked a suspicious link, then Google the official website (it will usually be the first result) and compare the two pages.
Contact the Sender Directly
If you're familiar with who the sender is attempting to impersonate, then reach out directly. This communication can be the quickest way to confirm an attempted clone phishing attack.
If the suspected party is a large corporation, then call through their professional line and ask for verification. Chances are that the company doesn't even have you on their email list.
Anti-Spam Software
Anti-spam software has grown a lot in the past decade out of necessity. It can identify both phishing sites and scan links for dangerous messages. Not only do most anti-spam software detect threats, but they also keep a log of known phishing sites and automatically filter them out.
Take Advantage of Password Managers
On top of being one of the most impactful "quality of life" additions to internet browsers, password managers are perfect for detecting cloned websites. Once a user has logged into a website's official URL once, the password manager can record it for future use. So, if they ever wind up on a fake website, the password manager won't recognize it and autofill the login credentials.
Conclusion
Clone phishing is a growing problem that can cause severe damage to individuals and organizations alike. Preparing with the proper defensive measures is essential to protecting your vital information from malicious scammers.
Learning to recognize clone phishing when it happens will take some effort at first. But soon, you'll notice the warning signs intuitively and effortlessly take the appropriate action to remain safe online.
