
Clone phishing

Clone phishing definition

Clone phishing is an attack where a cybercriminal makes a copy of a legitimate email from a trusted sender. The attacker alters the content of the cloned email (e.g., replaces attachments or links with malicious ones) and sends it to the original recipient from a spoofed email address.

See also: angler phishing, anti-phishing service, HTTPS phishing, ice phishing

Examples of clone phishing

Invoice update

  • A vendor emails a company's finance department with an invoice.
  • An attacker intercepts this email, clones it, and replaces the legitimate invoice with a malicious one containing malware.
  • The attacker sends the cloned email to the same recipient, making it appear like an update or correction to the original invoice.
  • The recipient doesn’t suspect foul play and opens the attachment, infecting the system with malware.

Password reset

  • A user receives a password reset email from their social media platform due to a forgotten password request.
  • An attacker clones this email and replaces the legitimate password reset link with a link to a fake login page.
  • The attacker sends the cloned email to the user, claiming that the first email had an expired link.
  • The user clicks on the link, enters their credentials on the fake login page, and gives them away to the attacker.

Software update

  • An employee receives an email from the IT department about a software update.
  • The attacker clones the email, replaces the download link with a malicious one, and sends the cloned email with a “fixed” update link.
  • The employee clicks on the malicious link and downloads malware onto their system.
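As an added example (not part of this glossary page), the following Python check compares a suspect message with the earlier legitimate one it imitates and reports exactly what the three scenarios above describe being swapped: the sender address, the link destinations, and the attachment contents. The sample messages, domain names and PDF bytes are constructed for illustration.

```python
import email.utils
import hashlib
import re
from email.message import EmailMessage

# Captures only the host part of each http(s) URL found in a message body.
URL_RE = re.compile(r"https?://([^/\s\"'<>]+)", re.IGNORECASE)


def fingerprint(msg: EmailMessage) -> dict:
    """Reduce a message to the features a clone swaps: sender, link hosts, attachments."""
    link_hosts, attachments = set(), {}
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            data = part.get_payload(decode=True) or b""
            attachments[part.get_filename()] = hashlib.sha256(data).hexdigest()
        elif part.get_content_type() in ("text/plain", "text/html"):
            link_hosts.update(h.lower() for h in URL_RE.findall(part.get_content()))
    return {
        "sender": email.utils.parseaddr(msg["From"] or "")[1].lower(),
        "link_hosts": link_hosts,
        "attachments": attachments,
    }


def clone_indicators(original: EmailMessage, suspect: EmailMessage) -> list:
    """Report what changed between a known-good message and a later look-alike."""
    a, b = fingerprint(original), fingerprint(suspect)
    findings = []
    if a["sender"] != b["sender"]:
        findings.append(f"sender changed: {a['sender']} -> {b['sender']}")
    for host in sorted(b["link_hosts"] - a["link_hosts"]):
        findings.append(f"link host not in original: {host}")
    for name, digest in b["attachments"].items():
        if a["attachments"].get(name) != digest:  # new file, or same name with new content
            findings.append(f"attachment added or replaced: {name}")
    return findings


def _sample(sender: str, link_host: str, pdf: bytes) -> EmailMessage:
    """Constructed test message (not real mail) in the invoice-update shape."""
    msg = EmailMessage()
    msg["From"] = f"Accounts Payable <{sender}>"
    msg["To"] = "finance@example.com"
    msg["Subject"] = "Invoice 1042"
    msg.set_content(f"Invoice attached: https://{link_host}/invoice/1042")
    msg.add_attachment(pdf, maintype="application", subtype="pdf", filename="invoice-1042.pdf")
    return msg


# The vendor's genuine message, then a clone with sender, link and attachment swapped (constructed).
ORIGINAL = _sample("billing@vendor.example", "portal.vendor.example", b"%PDF-1.4 genuine invoice")
CLONE = _sample("billing@vendor-example.com", "portal.vendor-example.com", b"%PDF-1.4 tampered")
```

Calling `clone_indicators(ORIGINAL, CLONE)` returns one finding per swapped element, while comparing a message with itself returns an empty list.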