Clone phishing: a captivating advanced phishing technique

Clone Phishing: a new enemy for the most cautious users

A NordVPN study reveals that 84% of users have already been exposed to cyber-engineering related behaviors, and more than a third of them have fallen victim to phishing-related email scams. Experts believe that a new type of phishing, clone phishing, has recently started to emerge and can fool even the most cautious users.

Clone phishing is a scam where a cybercriminal duplicates a legitimate email or website to trick the victim into divulging personal information. The duplicate email is nearly identical to the original and has legitimate details, which makes clone phishing harder to detect than other types of phishing attacks.

“Even though users are learning and becoming more cautious every time they have a computer security issue, criminals are not making it easy for them by constantly developing new techniques to target people,” said Adrianus Warmenhoven, cybersecurity expert at NordVPN. “Clone phishing attacks take phishing to the next level, as the emails are usually highly personalized and duplicate something the victim has received in the past.”

What is Clone Phishing and how does it work?

Clone phishing is a method used by cybercriminals to trick their victims. In this type of phishing, the attacker starts by intercepting a message sent to a user by a legitimate source (for example, a bank, a customer support service, a money transfer site or an employer). Hackers can use a variety of techniques to intercept emails, including DNS hijacking. However, a hacker does not always need to intercept emails to carry out a successful clone phishing attack, and the cloned emails are very difficult to detect because they are identical to the original.

Once this is done, the scammer creates a replica of the email and sends it to the victim, encouraging them to act quickly. Scammers want their victims to act quickly, so phishing emails always look urgent. You may see common social engineering tactics such as asking users to change their passwords or provide other sensitive data because their account has allegedly been “compromised.” It is also common for cloning scams to contain a malicious link that the user may click thinking they will access a legitimate site.

The victim opens the email, thinking it is from a legitimate source. They may open an attached file (for example, a PDF document) that will instantly install malware on their machine and give the attackers access to the victim's sensitive information. Or they may click on a link included in the email and be redirected to a malicious site, allowing attackers to steal their information.

How to protect yourself from clone phishing attacks

Adrianus Warmenhoven, who provides a list of tips on how to avoid falling into the traps of clone phishing emails, says, “It can be difficult to spot clone phishing attacks, especially if scammers have a lot of experience creating cloned emails.” However, there are several steps that can be taken to reduce the risk of falling victim to this social engineering attack.

First, check the sender’s email address. Before clicking on anything or replying to an email, check that the sender’s email address is legitimate. Clone phishing attempts are often sent from addresses that look like the original, but contain dots, dashes, symbols or other subtle differences. Examine the email address carefully to make sure it is from a legitimate source.

Next, do not open links. Avoid clicking on links in your emails unless you are absolutely sure they are not a scam. Emails may contain links that redirect you to malicious sites where scammers can steal your personal information. Only open links and buttons when you are certain that the email is secure.

Finally, use spam filters. Spam filters are useful if you receive a lot of emails every day. These filters analyze the content of each email and identify unwanted or dangerous messages. Although they may not always catch a cloned email, it is advisable to use them in addition to other security measures.
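The sender and link checks described above can be automated by comparing a suspect message with the genuine one it imitates. The following is an added example, not code from the article or from NordVPN; the messages, the domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def sender_domain(msg):
    """Domain part of the From: address, lower-cased."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def skeleton(domain):
    """Drop dots, dashes and symbols, and undo 0->o / 1->l swaps."""
    stripped = re.sub(r"[^a-z0-9]", "", domain.lower())
    return stripped.translate(str.maketrans("01", "ol"))

def link_hosts(msg):
    """Hostnames of every http(s) link in a single-part text body."""
    hosts = {urlparse(u).hostname for u in URL_RE.findall(msg.get_payload())}
    return hosts - {None}

def compare_with_original(original_raw, suspect_raw):
    """List the ways the suspect message deviates from the genuine one."""
    original = message_from_string(original_raw)
    suspect = message_from_string(suspect_raw)
    findings = []
    od, sd = sender_domain(original), sender_domain(suspect)
    if sd != od:
        same_look = skeleton(sd) == skeleton(od)
        findings.append("lookalike-sender" if same_look else "different-sender")
    # Links pointing at hosts the genuine message never used.
    for host in sorted(link_hosts(suspect) - link_hosts(original)):
        findings.append("new-link-host:" + host)
    return findings

# Constructed sample messages (reserved .example/.test names).
ORIGINAL = """From: Example Bank <billing@examplebank.example>
Subject: Your statement is ready

View it here: https://examplebank.example/statement
"""
CLONE = """From: Example Bank <billing@example-bank.example>
Subject: Your statement is ready

View it here: https://examplebank.example.login.test/statement
"""

if __name__ == "__main__":
    print(compare_with_original(ORIGINAL, CLONE))
```

A clone that reuses the exact sender address passes the first check, so the link-host comparison is the one that still applies in that case.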

In conclusion, Adrianus Warmenhoven warns: “Clone phishing emails are only dangerous when you click on the links or files they include. It is therefore advisable not to rush to trust everything you read in your inbox. It’s always safer to check with the company sending you the email and contact them by phone before providing personal information or clicking on links in your emails.”
