Clone phishing definition
Clone phishing is an attack where a cybercriminal makes a copy of a legitimate email from a trusted sender. The attacker alters the content of the cloned email (e.g., replaces attachments or links with malicious ones) and sends it to the original recipient from a spoofed email address.
Examples of clone phishing
- A vendor emails a company’s finance department with an invoice.
- An attacker intercepts this email, clones it, and replaces the legitimate invoice with a malicious one containing malware.
- The attacker sends the cloned email to the same recipient, making it appear like an update or correction to the original invoice.
- The recipient doesn’t suspect foul play and opens the attachment, infecting the system with malware.
- A user receives a password reset email from their social media platform due to a forgotten password request.
- An attacker clones this email and replaces the legitimate password reset link with a link to a fake login page.
- The attacker sends the cloned email to the user, claiming that the first email had an expired link.
- The user clicks on the link, enters their credentials on the fake login page, and gives them away to the attacker.
- An employee receives an email from the IT department about a software update.
- The attacker clones the email, replaces the download link with a malicious one, and sends the cloned email with a “fixed” update link.
- The employee clicks on the malicious link and downloads malware onto their system.