Seeing a Malicious Digital Double: A Clone Phishing Breakdown

Clone phishing, to put it simply, is an email's evil twin. It’s an unexpected duplicate of an email that you’ve received, but the twist? You know you’ve seen this email before.

No, you’re not seeing double. Hackers are able to intercept emails on their way to you, and without touching the email itself, they will intercept it, recreate it, and then send it to you, no questions asked. For many users, the thought remains; “They must’ve sent me a double email. No biggie, I’ll just take the information off of the most recent one.” 

Huge mistake.

These cloned emails typically replace links with malicious ones, making subtle changes to contact information and other malicious tactics to make a seemingly harmless email a bug infested headache. 

But not to worry! While it may seem like a daunting task to catch something that looks *exactly* the same, we’ll teach you the tips, tricks and understanding of clone phishing and how you won’t be the one fooled by double (email) trouble.

Techniques Used in Clone Phishing

1. Impersonation: Attackers mimic trusted sources, like colleagues or service providers, to gain the recipient’s trust.
2. Malicious Links: Links are slightly altered to direct recipients to phishing sites or download malware.
3. Fake Attachments: Attachments are replaced with malware-infected files.
4. Urgency and Alarm: Emails often create a sense of urgency to prompt quick, unthinking actions.

Real-World Clone Phishing Hits

Clone phishing tactics don’t stick with the little guy. These attacks will also go after juggarnauts in the industry, and in some cases, they succeed.

• Facebook and Google Scam: A scammer cloned legitimate invoices and tricked these tech giants into paying $100 million to fraudulent accounts.
• Ubiquiti Networks: Cybercriminals used cloned emails to impersonate company executives, resulting in a $46 million loss.
  
  

Recognizing and Stopping Clone Phishing

Here is a quick list of what you can spot to easily avoid these pesky phishing scams.

• Unexpected requests for sensitive information.
• Minor inconsistencies in familiar emails, such as slight changes in email addresses or URLs.
• Unusual urgency or intense language prompts the user to act now.
• Suspicious attachments or links that seem like it shouldn’t belong.

Clone Phishing Prevention

Double-Check that Email: Always verify the sender’s email address closely to ensure it’s legitimate, as the cloned email may look completely different.

Hover Over Links: One of our favorite techniques! Hover your mouse over links without clicking to see the actual URL destination.

Not Sure Why There’s an Attachment? Don’t Click It: Before opening that attachment, consider the following: Why did I receive the same document again? 

There Can Only Be One Email!

Clone phishing is all about pulling the wool over our eyes, with the hope that we select the cloned email, see the first as a mistake, and see new details included in the duplicated email that we’re meant to select. Don’t fall for it. 

In a cyber secure world, being informed means staying protected. And we mean it! It’s possible to lower the risk of these attacks, but our defenses have to be up, and we have to make sure that when we see double, we choose the right path.