The legitimate attachment or link embedded in the email is replaced with a malicious version and then sent from a spoofed email address, so it appears to come from the original sender. Clone phishing can refer to a previous message that the recipient sent to the legitimate sender.
What Does Clone Phishing Look Like?
- Sent from an email address spoofed to appear to come from the original sender
- The attachment or link within the email is replaced with a malicious version
- It may claim to be a resend of the original or an updated version to the original.
Tips & best practices for recognizing & defending against Clone Phishing attacks:
- If an email appears strange in any way, contact the sender with a phone call to confirm the legitimacy of the email.
- If you receive an email from a source you know but it seems suspicious, contact that source with a new email, rather than hitting “reply”.
- Scan all attachments for viruses or malicious code.
- Verify shared links to ensure that they do not lead to fraudulent websites or dangerous code.
- Check for spelling and grammatical errors which can indicate that an email is fraudulent or malicious. Also, keep an eye out for suspicious subject lines and signatures.
- Think before you act! Take adequate time to thoroughly evaluate each email you receive before clicking on links or downloading attachments. For example, ask yourself: Does an order confirmation email you’ve received correspond to a recent purchase you have made? Do the sender and recipient addresses make sense?
Implement a comprehensive, fully-managed cloud email security solution. Investing in an advanced, multi-layered email security solution that prevents all malicious and fraudulent emails from reaching the inbox is the most effective way to prevent clone phishing and other dangerous social engineering and impersonation attacks.