Clone Phishing

Clone phishing is a type of cyberattack in which the attacker creates a copy of a real email from a reliable address. The hacker then modifies the content of the cloned email, adding malicious links and files, and forwards it to the intended recipient.

Examples of clone phishing

Invoice update

  • A vendor sends an email containing an invoice to a company’s finance department.
  • The hacker intercepts this email, clones it, and replaces the legitimate invoice with malicious software.
  • The hacker then sends the cloned email to the same recipient, so that it appears to be an update or authorised modification to the initial invoice.
  • The recipient therefore does not suspect foul play and opens the attachment, thereby infecting the system with malware.

Password reset

  • The user gets a password reset email from their social media platform, often following a forgotten password request.
  • The hacker clones this email and replaces the legitimate password reset link with a link to a fake login page.
  • The hacker sends the cloned email to the user, alerting them that the first email had an expired link.
  • The unsuspecting user then clicks on the link and enters their legitimate credentials on the fake login page, thus exposing their real details.

Software update

  • An employee gets an email from their IT department regarding a software update.
  • The hacker clones this email, changes the download link to a malicious one, and sends the cloned email with an update link tagged as “fixed”.
  • The employee clicks on the malicious link and inadvertently downloads malware onto their system.
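
The password reset and software update scenarios above share one detectable trait: the follow-up message is almost word-for-word the earlier legitimate email, but its link points somewhere new. The following added example (not part of the original page) sketches that check for the link case only; the function names, the 0.8 threshold and both sample messages are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)

def _parts(raw):
    """Return (sender domain, body text) of a single-part text email."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    return domain, msg.get_payload()

def _hosts(text):
    hosts = (urlsplit(u).hostname for u in URL_RE.findall(text))
    return {h for h in hosts if h}

def clone_indicators(original_raw, followup_raw, threshold=0.8):
    """Compare a follow-up with an earlier legitimate email.

    Returns None when the bodies are not near-identical, otherwise a dict
    describing what changed between the two messages.
    """
    o_dom, o_body = _parts(original_raw)
    f_dom, f_body = _parts(followup_raw)
    # Mask URLs first so a swapped link does not lower the similarity score.
    sim = SequenceMatcher(None, URL_RE.sub("<URL>", o_body),
                          URL_RE.sub("<URL>", f_body)).ratio()
    if sim < threshold:
        return None
    return {
        "similarity": round(sim, 2),
        "new_link_hosts": sorted(_hosts(f_body) - _hosts(o_body)),
        "sender_domain_changed": o_dom != f_dom,
    }

# Constructed sample messages (reserved example domains, not real traffic).
ORIGINAL = """\
From: IT Helpdesk <it@corp.example>
Subject: Software update available

Please install the update: https://updates.corp.example/agent-setup
Contact the helpdesk with any questions.
"""
CLONE = """\
From: IT Helpdesk <it@corp-example.test>
Subject: Software update available (fixed)

Please install the fixed update: https://downloads.example.net/agent-setup
Contact the helpdesk with any questions.
"""

if __name__ == "__main__":
    print(clone_indicators(ORIGINAL, CLONE))
```

A near-identical body combined with a new link host or a changed sender domain is the signal worth escalating; a genuine resend from the same sender with the same links returns empty change fields.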