What is clone phishing? Attack of the Clones!
News publisher, The Guardian, fell victim to a suspected phishing attack, through which the personal information of UK staff members was stolen. Phishing has evolved to include “clone phishing,” which is highly sophisticated and more difficult to spot.
A clone phishing attack leverages an existing or previously distributed email containing attachments or links. In the clone version, these elements are replaced with malicious doppelgangers containing ransomware, viruses, or spyware.
Clone phishing emails may appear to come from colleagues or contacts, and will look like a resend of an earlier message. Hackers may try to explain the resend by way of mentioning updates to the original version.
The attack is based on a previously seen email, which increases the likelihood that an individual will fall for the attack. Think about it – we respond almost instantly to emails from people whose names we recognize.
It’s easy to fall victim to clone phishing attacks, as they are among the most difficult types of phishing emails to detect.
How clone phishing campaigns persist?
Victims have clicked on a malicious element within a clone phishing email, the cyber attackers suddenly gain access to 100% of the victim’s contacts, to whom another clone phishing email is sent. The process continues as clone phishers send emails to a person’s contacts, a person’s contacts’ contacts’, and a person’s contacts’ contacts’ contacts.
Clone phishing vs. spear phishing
Clone phishing means that hackers have to obtain an existing or previously sent email ahead of developing a replica. Hackers often clone an email that is commonly distributed en-masse and then send the cloned version en-masse. For example, an organization that has internally and externally distributed an invitation to an event might be a target of clone phishing attacks.
In contrast, spear phishing campaigns force hackers into developing original email content that’s unique to the target’s business priorities or interests. Spear phishing campaigns are also highly targeted, and are typically only distributed to a single individual or a very limited number of individuals at a time.
Clone phishing examples
Become expert in identifying clone phishing attacks. Here is an example of what an attack could look like:
[Subject line: Quick, updated attendee list]
Hi Jennifer,
We have additional attendees registered for the promotional event in New York City on July 1st. Here is an updated list of attendees: [Malicious link here]
Thanks!
Mark
This is simply an example and it is worth noting that clone phishing attacks can take on many different written formats.
Phishing attacks can lead to irreconcilable business damage. A combination of employee awareness and multi-layered security solutions that include anti-phishing and email security capabilities can effectively mitigate clone phishing attacks. With a vision for how to enhance your cyber defenses, you’ll be well on your way to preventing clone phishing.
What is Clone Phishing?
Detect and Prevent Clone Phishing Attacks
Guardian hit by serious IT incident believed to be ransomware attack
The Guardian confirms ransomware attack stole employee data
https://techcrunch.com/2023/01/11/the-guardian-confirms-ransomware-attacks-stole-employee-data/
6 Examples of Email Phishing Scams (& how to identify them)
https://www.cybertalk.org/2023/02/08/6-examples-of-email-phishing-scams-how-to-identify-them/
FBI – Spoofing and Phishing
