Ninety-one percent (91%) of all cyber attacks begin with a phishing email. There are many types of phishing attacks, including clone phishing, which targets millions of email users every day. 

Clone phishing is a type of email phishing technique in which the hacker “clones” or imitates emails from authorized senders. The only difference is that the link within the email redirects the victim to a malicious website instead of the trusted organization’s site. The hackers prey on users who assume these emails are from legitimate sources. It’s a subtle but malicious technique to harvest personal and business-related data.

This more subtle form of phishing goes beyond traditional phishing attempts and is harder to identify.

This article outlines the characteristics of clone phishing and how to prevent it from reaching your inbox and your organization.

This is part of a series of articles about phishing.

Clone Phishing Example

A spoofed Apple site created by Chinese security researchers illustrates just how serious this threat is. The technique works by:

  • Sending convincing email messages that inform subscribers about Apple’s latest products and services.
  • Manipulating Unicode characters that look the same as the corresponding ASCII characters. For instance, registering the domain “xn--pple-43d.com”, which is displayed as a look-alike of “apple.com”.

 


The demonstration site proved that it is possible to create a fake website that looks eerily similar to the real https://www.apple.com URL. This makes it difficult for even the most careful people to stay safe online.
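As an added example (not part of the original article), the following Python sketch shows how a mail filter could flag the look-alike domain described above: it decodes each `xn--` label and reports mixed-script labels and names that collapse to a protected brand. The `CONFUSABLE` map and `PROTECTED` set are small, constructed assumptions.

```python
import unicodedata

# Constructed, deliberately small look-alike map (Cyrillic -> Latin); a real
# deployment would use the full Unicode confusables data instead.
CONFUSABLE = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s"}
PROTECTED = {"apple.com"}  # assumption: the brand domains you want to protect

def to_unicode(host):
    """Decode each xn-- label of a hostname to the characters a browser may show."""
    labels = []
    for label in host.lower().split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # not valid punycode: keep the raw label
        labels.append(label)
    return ".".join(labels)

def scripts(label):
    """Unicode scripts used by the letters of a label, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}

def check_host(host):
    """Return the reasons a hostname looks like a homograph, or [] if none apply."""
    shown = to_unicode(host)
    reasons = []
    if any(len(scripts(label)) > 1 for label in shown.split(".")):
        reasons.append("mixed-script label")
    skeleton = "".join(CONFUSABLE.get(ch, ch) for ch in shown)
    if shown != skeleton and skeleton in PROTECTED:
        reasons.append(f"imitates {skeleton}")
    return reasons
```
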

A lot of clone phishing scams happen through email messages. These messages typically give the reader a sense of urgency by offering huge discounts for their favorite products, reactivating their subscriptions, and so on.  This makes it incredibly easy for unsuspecting victims to fall for a clone phishing scam.

There is a silver lining to all of this, however. A top-notch email security solution can detect these types of emails and make sure they never reach your enterprise’s inboxes, keeping your team and organization safe.

How Can You Prevent Clone Phishing?

Although phishing threats occur daily, employees can prevent clone phishing through good business practices. These include:

  • Keep credentials secure, including yours and your organization’s
  • Hover over the link in the email to ensure that it is pointing to a legitimate website 
  • Look for slight spelling errors within the email (these are common in phishing emails) 
  • Check the sender’s email address and domain to see if it is coming from a trusted and legitimate source
  • Educate your team on cyber security and how to identify phishing emails
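The link checks above can also be automated. The Python sketch below is an added example, not code from the article or from any product: it compares a suspect message with the known-legitimate original to find links whose visible text is unchanged but whose destination host differs, and it performs the “hover” check for links that display one hostname while pointing to another. The sample messages and their hostnames are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample messages (example.com / .test names are placeholders).
ORIGINAL = '<p>Your invoice is ready.</p><a href="https://billing.example.com/i/1">View invoice</a>'
CLONE = '<p>Your invoice is ready.</p><a href="https://billing.example-pay.test/i/1">View invoice</a>'
URLISH = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[/:?#]\S*)?", re.I)

class AnchorCollector(HTMLParser):
    """Collect (href host, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            try:
                host = urlsplit(self._href).hostname or ""
            except ValueError:      # malformed href: keep the anchor, with no host
                host = ""
            self.anchors.append((host, " ".join("".join(self._text).split())))
            self._href = None

def anchors(html):
    collector = AnchorCollector()
    collector.feed(html)
    return collector.anchors

def swapped_links(original_html, suspect_html):
    """Links whose visible text matches the original message but whose host differs."""
    known = {}
    for host, text in anchors(original_html):
        known.setdefault(text, set()).add(host)
    return [(text, sorted(known[text]), host)
            for host, text in anchors(suspect_html)
            if text in known and host not in known[text]]

def text_href_mismatch(html):
    """Links that display one hostname but point to another (the 'hover' check)."""
    return [(text, host) for host, text in anchors(html)
            if (m := URLISH.fullmatch(text)) and m.group(1).lower() != host]
```
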

Most importantly, organizations should consider using an email security solution that incorporates the following capabilities to ensure that clone phishing emails never reach your inbox:

  • Dynamic Scanning: Scans files & URLs inside an isolated environment to detect malicious code execution
  • Image Recognition: Deploys an engine using several advanced image recognition algorithms to validate if URLs are legitimate sites
  • Recursive Unpacking: Unpacks the content into smaller units (files and URLs) to identify hidden malicious attacks
  • URL Reputation: Incorporates data from the top 4 URL reputation engines to monitor global traffic for phishing attempts
  • Threat Intelligence: Combines multiple threat intelligence sources with a unique engine that scans URLs and files in the wild to warn about potential or current attacks


Perception Point’s email security solution prevents clone phishing through advanced detection technologies, keeping your team safe from malicious online actors and hackers. 

 

