Staying safe in the current cyber landscape is more difficult than ever. Hackers are coming up with novel phishing attacks that are harder to spot and more damaging than before. One of the most deceptive cyberattack methods is the clone phishing attack, which can wreak havoc on devices, networks and data, with far-reaching damage to your organization.
This piece provides an overview of clone phishing attacks, methods to help identify them, and best practices for building a tailored, comprehensive anti-phishing strategy.
Clone phishing is a specific form of social engineering e-mail phishing and a subset of Business Email Compromise (BEC). Targeting companies of any size, clone phishing attackers create a duplicate of an existing or previously distributed trusted email, replacing its legitimate attachments or links with malicious ones that deliver ransomware, viruses or spyware.
These phishing attacks can be sent to individuals, small companies or Fortune 50 companies alike, and they are easy to fall for, since the hacker relies on the trustworthy nature of the copied message. Clone phishing attacks are open-ended, so there is no real limit to who can fall victim in an organization. It is also relatively easy for the hacker to duplicate emails from many trusted organizations, which allows for endless target opportunities.
Clone phishing attacks can be very specific and convincing, similar to spear phishing, and include details pertaining to an upcoming event, a site frequented by your organization, or a spoofed email purporting to originate from your company's CEO or other C-suite executives, who are just as susceptible as entry-level interns.
Depending on the attacker and potential victim, security teams will find a lot of variability in clone phishing attacks, but most typically start with the following steps:
Clone phishing attacks act as an easy gateway to a malicious breach of devices, networks and data. They allow the hacker to gain broad access to the victim's device, increasing the severity and ease of the organization's breach. Think of it like holding the bank vault's door open for the bank robber.
Clone phishing attacks come in varying levels of specificity. An attack could mention individuals by name and even refer to people in close acquaintance groups or colleagues. Alternatively, it could broadly mention a company that you shop with or any type of organization you frequent. However, there are a few common traits that security teams will find across different clone phishing attacks.
Since phishing is a form of social engineering, the hacker will play on the employee's emotions, further improving their chances of claiming a victim.
No clone phishing attack can work without a link or attachment. This introduces the next phase of the attack.
The biggest challenge to organizations experiencing a clone phishing attempt is whether or not employees can spot the attack. A hacker might check the Outlook calendar of a small company’s CEO, then
pose as the CEO once they take a scheduled vacation. The hacker can then send an email to the staff asking for money or asking them to follow links. Since the CEO is out of the office, it’s harder to verify that it was actually sent from them.
This is just one of many examples of clone phishing attempts that are tough to spot.
These attacks can be very personal. For example, many fake emails are nearly identical to legitimate emails sent by major organizations like Amazon and will mention the buyer specifically, along with the recently purchased item. The email username and account will be almost identical to Amazon's, with just a few characters changed.
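The "few characters changed" lookalike described above is something a mail-filtering or triage script can check for mechanically. The snippet below is an added illustration, not code from the original post or from IANS: it parses a From: header, compares the sender domain against an allowlist of trusted domains using edit distance, and also flags the brand name appearing in a subdomain or display name while the real domain is not trusted (a generalization beyond the single Amazon case in the text). The allowlist, threshold and sample headers are constructed assumptions; a real deployment would use the organization's own list.

```python
from email.utils import parseaddr

# Constructed allowlist (assumption): domains this organization legitimately receives mail from.
TRUSTED_DOMAINS = {"amazon.com", "yourcompany.com"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance: single-character insertions, deletions or substitutions turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def sender_domain(from_header: str) -> str:
    """Lower-cased domain part of the address in a From: header ('' if there is none)."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def check_sender(from_header: str, trusted=TRUSTED_DOMAINS, max_distance: int = 2) -> dict:
    """Classify a From: header as trusted, lookalike (imitates a trusted domain) or unknown.

    A lookalike is flagged when the sender domain is within max_distance edits of a
    trusted domain (amaz0n.com), or when the trusted brand's name appears in the
    sender domain (amazon.com.order-check.example) or in the display name while the
    actual domain is not on the allowlist.
    """
    display_name, _ = parseaddr(from_header)
    domain = sender_domain(from_header)
    if domain in trusted:
        return {"domain": domain, "verdict": "trusted", "imitates": None}
    for known in sorted(trusted):
        brand = known.split(".")[0]
        if (levenshtein(domain, known) <= max_distance
                or brand in domain
                or brand in display_name.lower()):
            return {"domain": domain, "verdict": "lookalike", "imitates": known}
    return {"domain": domain, "verdict": "unknown", "imitates": None}


def triage(from_headers):
    """Run check_sender over a batch of headers; return only the ones that imitate a trusted domain."""
    return [r for r in (check_sender(h) for h in from_headers) if r["verdict"] == "lookalike"]


if __name__ == "__main__":
    # Constructed sample headers (not real mail).
    samples = [
        "Amazon.com <ship-confirm@amazon.com>",
        "Amazon <orders@amaz0n.com>",
        "Amazon Orders <no-reply@amazon.com.order-check.example>",
        "Amazon Billing <billing@mail-service.example>",
        "Jane Partner <jane@partner.example>",
    ]
    for result in triage(samples):
        print(f"{result['domain']}: {result['verdict']} (imitates {result['imitates']})")
```

The edit-distance threshold is deliberately small: a distance of one or two catches digit-for-letter swaps and dropped characters without flagging every unrelated domain, while the brand-name checks cover the cases where the attacker keeps the trusted name intact but moves it into a subdomain or the display name. Anything returned by `triage` is a candidate for human review rather than an automatic block.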
Another challenge is identifying the next stage of the hack. The next phase could involve locking your device, stealing your information, or gaining access to the entire company’s network and data. Since individuals don’t know the next step
for sure, it’s harder to spot the early signs.
In general, once a hacker gains access, they can do a lot of damage to a company. Regardless of the organization’s security architecture and risk mitigation in place, it’s very difficult to remove an unauthorized hacker once they gain access
from the inside. Since these attacks can vary so drastically, it can be very difficult to detect and prevent a clone phishing attack.
There are methods to detect and prevent clone and other phishing attacks from taking down your organization. Best practices are based on security protocols, establishing policies around email, and training the organization, including:
Clone phishing attacks are hard to detect, easy to fall for, and anyone can be a victim. They can inflict lasting damage on an organization, putting critical data and networks at significant risk. Understanding how they work, and how to prevent them, is paramount.
Performing regular security risk assessments and keeping both anti-phishing tools and risk mitigation plans updated helps security teams build effective anti-phishing programs. Employees are the weakest link in clone phishing attacks, and organizations must offer regular updates, training and simulations to help employees and management teams learn to recognize and report potential clone phishing attacks.
Although reasonable efforts will be made to ensure the completeness and accuracy of the information contained in our blog posts, no liability can be accepted by IANS or our Faculty members for the results of any actions taken by individuals or firms in
connection with such information, opinions, or advice.