Clone phishing is a type of cyberattack in which the attacker creates a copy of a real email from a reliable address. The attacker then modifies the cloned email, replacing its links or attachments with malicious ones, and sends it to the intended recipient.
Examples of clone phishing
Invoice update
- A vendor sends an email containing an invoice to a company’s finance department.
- The hacker intercepts this email, clones it, and inserts malicious software to replace the legitimate invoice.
- The hacker then sends the cloned email to the same recipient, so that it appears to be an update or authorised modification to the initial invoice.
- The recipient therefore does not suspect foul play and opens the attachment, infecting the system with malware.
Password reset
- The user gets a password reset email from their social media platform, often after a forgotten password request.
- The hacker clones this email and replaces the legitimate password reset link with a link to a fake login page.
- The hacker sends the cloned email to the user, alerting them that the first email had an expired link.
- The unsuspecting user then clicks on the link and enters their legitimate credentials on the fake login page, thus exposing their real details.
Software update
- An employee gets an email from their IT department regarding a software update.
- The hacker clones this email, changes the download link to a malicious one, and sends the cloned email with an update link tagged as “fixed”.
- The employee clicks on the malicious link and inadvertently downloads malware onto their system.
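In all three scenarios the clone keeps the wording of the original and changes only a link or an attachment, which gives a mail filter something to check. The following sketch is an added example, not part of the original page: it compares a later message with an earlier one and reports new link hosts or changed attachments when the wording is nearly identical. The function names, the 0.85 threshold and the sample messages are assumptions constructed for illustration, and each message is assumed to have a text/plain body.

```python
import hashlib
import re
from difflib import SequenceMatcher
from email.message import EmailMessage
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"')]+")

def fingerprint(msg):
    """Split a message into what a clone keeps (wording) and what it swaps."""
    body = msg.get_body(("plain",)).get_content()
    hosts = {urlparse(u).hostname or "" for u in URL_RE.findall(body)}
    files = {(p.get_filename(), hashlib.sha256(p.get_payload(decode=True) or b"").hexdigest())
             for p in msg.iter_attachments()}
    # Mask URLs so a swapped link does not lower the wording similarity.
    words = URL_RE.sub("<url>", body).lower().split()
    return words, hosts, files

def clone_findings(earlier, later, threshold=0.85):
    """Reasons `later` looks like a tampered copy of `earlier`; empty list if none."""
    w1, h1, f1 = fingerprint(earlier)
    w2, h2, f2 = fingerprint(later)
    if SequenceMatcher(None, w1, w2, autojunk=False).ratio() < threshold:
        return []  # wording differs too much to be a copy of the earlier message
    findings = [f"new link host: {h}" for h in sorted(h2 - h1)]
    findings += [f"changed attachment: {name}" for name, _ in sorted(f2 - f1)]
    return findings

def make(body, attachment=None):
    """Build a constructed sample message (illustrative, not real mail)."""
    m = EmailMessage()
    m.set_content(body)
    if attachment is not None:
        m.add_attachment(attachment, maintype="application",
                         subtype="pdf", filename="invoice.pdf")
    return m

RESET = ("Hello,\nWe received a request to reset the password for your account.\n"
         "Use this link to choose a new password: {url}\n"
         "The link expires in one hour. If you did not ask for this, ignore this email.\n")
ORIGINAL = make(RESET.format(url="https://social.example/reset?t=abc"))
CLONE = make(RESET.replace("Hello,\n", "Hello,\nThe link in our previous email had expired.\n")
             .format(url="https://social-login.example/reset?t=abc"))
INVOICE = make("Please find invoice 1042 attached.\n", b"%PDF-original")
INVOICE_CLONE = make("Please find invoice 1042 attached.\n", b"%PDF-modified")

if __name__ == "__main__":
    print(clone_findings(ORIGINAL, CLONE))
    print(clone_findings(INVOICE, INVOICE_CLONE))
```

A finding is a reason to hold the message for review, not proof of tampering, since a vendor can legitimately resend a corrected attachment.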