It came from an address I recognize- it must be real, Right? Wrong. 

The rise of the digital age continues to bring numerous benefits to our world. But it has also given birth to a new breed of cyber threats. And they are getting more sophisticated and harder to detect. Among these threats, clone email phishing has emerged as a particularly cunning tactic to deceive unsuspecting individuals.

What even is Clone Phishing?

Clone phishing is a sophisticated form of cyber attack where scammers create fraudulent emails that closely mimic the appearance, email address and content of legitimate emails a user has already received. These emails are designed to trick recipients into divulging sensitive information, such as login credentials, financial details, or personal data by impersonating a trusted contact.

How does it work?

Cyber criminals craft the Clone Email by creating an email that closely resembles a genuine communication from a previous correspondence.  They meticulously recreate the email content, logos, branding elements, and even the sender's address to make it indistinguishable from the real thing. 

These deceptive emails often include malicious links or attachments that, when clicked or opened, install malware on the recipient's device or direct them to a fraudulent website designed to collect sensitive information.

What to look for? 

Cyber criminals are getting good. It's easy to assume it is a legitimate email. But while clone phishing attacks can be highly sophisticated, there are measures you can take to protect yourself from falling victim to this type of scam:

1. Be Vigilant: Always exercise caution when receiving emails, especially those requesting personal or financial information. Scrutinize emails for inconsistencies, spelling errors, unusual sender addresses, or generic greetings.

2. Verify the Source: Double-check the sender's email address and compare it to previous communications from the legitimate organization. If you are unsure, contact the organization directly using their official website or phone number to confirm the authenticity of the email.

3. Avoid Clicking Suspicious Links: Hover your mouse over links to preview the URL before clicking. Be cautious of shortened URLs or links that don't match the context of the email. When in doubt, manually type the organization's website address into your browser.

4. Be Wary of Attachments: Only open email attachments from trusted sources. Scan attachments with reliable antivirus software before opening them to minimize the risk of malware infection.

5. Use Two-Factor Authentication: Enable two-factor authentication whenever possible. This adds an extra layer of security to your accounts by requiring a verification code sent to your mobile device in addition to your password.

6. Educate Yourself and Others: Stay informed about the latest phishing techniques and share this knowledge with your friends, family, and colleagues. Awareness is one of the most effective tools in combating clone email phishing attacks.

Clone phishing poses a significant threat to individuals and organizations alike.  It is not a matter of if you will be targeted, but when. And it is critical that when, you are alert and aware.