Posted on August 16, 2018

What is Clone Phishing?

In a previous blog post, we explained the basics of Phishing. This post will go into detail on Clone Phishing.

What is Clone Phishing?

Phishing is a scam delivered by electronic communication that aims to steal sensitive data or lead the user to a bogus site that serves malware.

Clone Phishing takes a legitimate email and uses it to create an almost identical copy, which is then sent from a spoofed email address that closely resembles the original sender's. In most cases the links in the copy are replaced with malicious ones. This differs from other types of Phishing in being far more targeted, because the message is a copy of an email that actually exists.

How can Clone Phishing put you at risk?

Clone Phishing is particularly difficult to identify and often tricks users into believing the email is genuine. Because the Phishing email is a clone of one previously delivered, the recipient will usually already receive emails from the service or provider the message appears to come from, and is therefore less likely to be suspicious of it.

In addition, the links in a Clone Phishing email are replaced with malicious ones. These frequently redirect the victim to a malicious site, which may host malware or put their personal data at risk of being stolen.

How can you protect yourself from Clone Phishing?

  • Check the sender of the email.
  • Hover over any links in the email to see where they lead before you click.
  • Where possible, follow up on the email with the organisation it appears to come from.
  • Report the emails to Anti-Phishing organisations.
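The first three checks above can also be run automatically, for instance at a mail gateway or over an exported mailbox. The following is an added example, not code from the original post or from Pentest People: it parses a constructed sample message (all domains are placeholders, and the expected sender domain is an assumed input supplied by the caller) and flags a From domain that is not the one the recipient normally hears from, a Reply-To that diverges from From, and link text that shows one domain while the underlying href points at another, which is exactly what hovering over a link reveals.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample (placeholder domains): a cloned notification whose sender
# domain and real link targets differ from the legitimate original.
SAMPLE_EML = """\
From: "Example Bank" <alerts@examp1e-bank.test>
Reply-To: support@mail-reset.test
To: customer@corp.test
Subject: Your statement is ready
Content-Type: text/html

<html><body>
<p>Your statement is ready.</p>
<a href="https://login.mail-reset.test/auth">https://online.example-bank.test/statements</a>
<a href="https://online.example-bank.test/help">Help centre</a>
</body></html>
"""

ANCHOR_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def domain_of(url_or_addr):
    """Hostname of a URL, or the domain part of an email address, lowercased."""
    if "@" in url_or_addr and "://" not in url_or_addr:
        return url_or_addr.rsplit("@", 1)[1].lower()
    return (urlparse(url_or_addr).hostname or "").lower()

def check_email(raw, expected_sender_domain):
    """Return findings that suggest a cloned message: sender domain not the one
    the recipient normally hears from, Reply-To diverging from From, and link
    text that shows one domain while the href points at another."""
    msg = message_from_string(raw)
    findings = []
    from_domain = domain_of(parseaddr(msg.get("From", ""))[1])
    if from_domain != expected_sender_domain.lower():
        findings.append(f"sender domain {from_domain!r} != expected {expected_sender_domain!r}")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and domain_of(reply_to) != from_domain:
        findings.append(f"Reply-To domain {domain_of(reply_to)!r} differs from From")
    # Take the first text/html part (walk() yields the message itself if single-part).
    part = next((p for p in msg.walk() if p.get_content_type() == "text/html"), msg)
    body = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8")
    for href, text in ANCHOR_RE.findall(body):
        shown = re.sub(r"<[^>]+>", "", text).strip()
        if "://" in shown and domain_of(shown) != domain_of(href):
            findings.append(f"link text {domain_of(shown)!r} hides href {domain_of(href)!r}")
    return findings
```

On the sample message all three checks fire; a legitimate message from the expected domain with honest link text returns an empty list.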

Pentest People have a full Phishing Platform that can be used as part of a Social Engineering engagement. Be sure to get in touch with us if this is something of interest.
