Phishing techniques: Clone phishing


Trust is an important part of any relationship and once it has been established, you can generally ignore any kind of vetting you have to do for the person. When you trust someone, responding back to an email or message without thinking twice is second nature. 

But what if I told you that this trust can be abused by an attacker? An attacker who can ride on this trust to make you do something they want, like downloading malware. One of the many flavors of phishing out there does just this — clone phishing. 

This article will explore clone phishing. We’ll look at what clone phishing is, the different types of clone phishing, how you can spot clone phishing and what you can do to avoid falling victim to what has been called the most harmful form of phishing. 

What is clone phishing?

If the name conjures images of fish cloning or “Star Wars” movies, I must disappoint you. Instead, clone phishing refers to the email or message used by attackers. 

As mentioned earlier, trust is huge in business relationships, and this can affect tasks that seem relatively insignificant to the involved parties such as readily responding to emails and messages. Attackers are well aware that this trust relationship is an essential part of an email producing the sender’s desired effect, and they use clone phishing to take advantage of this relationship.

The different types of clone phishing

OK, so you get that the essential trust in a business relationship is abused in clone phishing. But what does a clone phishing email look like? There are three different types of clone phishing emails:

  1. An email sent from a spoofed email address intended to trick the recipient into thinking it is from a legitimate sender
  2. An (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: