What is clone phishing?
by Chloe Bowen Chief of Staff
Internet users have become accustomed to receiving a very high volume of email from companies, organizations, and service providers.
Although it can be irritating to receive so many emails on a regular basis, most people don't think twice about it and place a great deal of trust in the legitimacy of the senders. It's this very trust that attackers exploit.
Email phishing has become more sophisticated and harder to spot, and clone phishing is one of the more convincing variations attackers use to deceive unsuspecting recipients.
It’s critical that healthcare providers are aware of what clone phishing is, how to recognize it, and how to prevent it from happening. Otherwise, they run the risk of exposing their patients and possibly their facility to further phishing attacks.
Clone Phishing: a step beyond basic phishing attacks
A clone phishing attack looks like this: an attacker copies a legitimate email message word-for-word from a trusted organization or business, so the result looks exactly like mail the recipient has already seen and accepted. Clone phishing is harder to detect because the official-looking email appears to come from a reputable source.
Attackers add a layer of legitimacy with display name spoofing: the From header shows a trusted name (for example the organization's support team), while the actual address behind it belongs to a domain the attacker controls. Because the message is genuinely sent from the attacker's own domain, it can pass SPF, DKIM, and DMARC checks; those controls only protect the impersonated domain when that exact domain appears in the From address. Many recipients never look past the display name.
The attacker then carefully edits the once-genuine message, replacing its links with ones that redirect the recipient to fake websites, or swapping in malicious attachments that the recipient is prompted to open. If the victim enters credentials on the fake site, the attacker can send the same cloned message to the contacts in the victim's mailbox, this time from a genuinely trusted account.
Because the sender appears to be a reputable source, recipients are much more likely to fall for the attack and open the malicious link or attachment.
What are some examples of clone phishing?
Because clone phishing attacks copy a real email from a trusted organization and send it from a fake address, they're harder to recognize at first glance. Learn to spot them by knowing the common forms they take:
- Time-sensitive subject lines such as, “Hurry before your credit expires!”, “Click HERE to get your refund before it’s too late”, or “Your discount expires on X date!”
- Urgent messages that compel the recipient to click a link or open a file
- Virus warnings that ask the recipient to download a file to check for malicious software
- Invitations to collect rewards, coupons, or promotions
- Messages that claim to be resending an earlier email from a legitimate source, usually with a changed link or attachment
Clone phishing attacks rely on the fact that email recipients: 1) receive dozens of emails, if not more, throughout the course of the day, and 2) trust an email’s sender at face value without checking the actual email domain.
Signs of clone phishing attacks
Although clone phishing attacks may appear legitimate at first, there are some giveaways that will stand out if you know what to look for:
- Email addresses that don't match: The sender of the cloned email may use a real name, or an address close to a real one, but it will be off in a small way: a misspelled name, a missing or swapped letter, or an extra word such as "secure" or "support".
- Obvious grammatical or spelling errors
- Lookalike email domains that don't quite match the company's real domain
- Hyperlinked text that doesn't match the actual URL: In an HTML email the visible link text is arbitrary, so a link that displays one address can point to another. Hovering over the link in most desktop email clients shows the real destination in the status bar or a tooltip without clicking it; on a phone, a long press usually shows it. If the destination doesn't match what the link text claims, do not open it under any circumstances.
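The sender and link checks above can be automated. The script below is an added example written for this article, not Paubox or ExecProtect code. It parses a constructed raw email and flags two of the giveaways: a From: display name that names a trusted organization while the address domain is not one that organization sends from (display name spoofing, with a lookalike-domain test), and HTML links whose visible text shows one host while the real href points to another. The organization, domains, and message are all hypothetical.

```python
# Added example: heuristic clone-phishing checks over a raw email message.
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist (hypothetical organization and domains): a lower-cased
# keyword that may appear in a display name -> domains it genuinely uses.
TRUSTED_SENDERS = {
    "acme bank": {"acmebank.example"},
}
LOOKALIKE_MAX_DISTANCE = 2  # edit distance at which a domain counts as a lookalike


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character domain tweaks."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str) -> list:
    """Compare the display name's claimed organization with the real address domain."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    findings = []
    for keyword, domains in TRUSTED_SENDERS.items():
        if keyword not in name.lower() or domain in domains:
            continue  # no claim made, or the claim is backed by a genuine domain
        findings.append(("display_name_spoof", f"'{name}' sent from {domain}"))
        if min(edit_distance(domain, d) for d in domains) <= LOOKALIKE_MAX_DISTANCE:
            findings.append(("lookalike_domain", domain))
    return findings


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def check_links(html: str) -> list:
    """Flag anchors whose visible text is a URL on a different host than the href."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        if not text.lower().startswith(("http://", "https://")):
            continue  # plain words like "Help Center" give nothing to compare
        shown, real = urlparse(text).hostname, urlparse(href).hostname
        if shown != real:
            findings.append(("link_text_mismatch", f"shows {shown}, goes to {real}"))
    return findings


def analyze(raw_email: str) -> list:
    """Run both checks over a raw RFC 5322 message; return (code, detail) findings."""
    msg = message_from_string(raw_email, policy=policy.default)
    findings = check_sender(str(msg["From"]))
    body = msg.get_body(preferencelist=("html",)) if msg.is_multipart() else msg
    if body is not None and body.get_content_type() == "text/html":
        findings += check_links(body.get_content())
    return findings


# Constructed sample (not a real message): a "resent" statement notice from a
# lookalike domain, with one disguised link and one honest one.
SAMPLE = """\
From: "Acme Bank Support" <support@acmebnak.example>
To: patient@example.org
Subject: Re: Your statement is ready (resent)
Content-Type: text/html; charset="utf-8"

<html><body><p>We are resending your statement. Please visit
<a href="http://acmebank.example.login-portal.example/stmt">https://acmebank.example/stmt</a>
to view it, or read our <a href="https://acmebank.example/help">Help Center</a>.</p>
</body></html>
"""

if __name__ == "__main__":
    for code, detail in analyze(SAMPLE):
        print(f"{code}: {detail}")
```

Run against the sample, the script reports the spoofed display name, the two-character lookalike domain, and the link whose text claims acmebank.example but resolves to a host under login-portal.example; the "Help Center" link produces nothing because its visible text is not a URL. A real deployment would replace the single-entry allowlist with the organization's known sending domains and treat these as signals for quarantine or review, not as proof on their own.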
How to protect against clone phishing attacks?
Email recipients can protect themselves from clone phishing attacks by doing the following:
- Ignoring emails with messages that are too good to be true or promise some sort of reward
- Double-checking the email sender’s name and email address to see if it matches the original
- Hovering over links to check the authenticity
- If you suspect an email is fake, following up with the organization in a new email thread, or better yet by phone, using contact details you already have rather than any address or number given in the suspicious email
- Looking for small errors in the email message
- Limiting where you share your email address and contact information
- Using anti-spam and anti-phishing filtering to stop known attacks before they reach the inbox
Protect your organization from clone phishing attacks
At an institutional level, healthcare providers should make it a priority to train all employees to recognize clone phishing attacks. When employees are educated in cyber awareness, they greatly reduce the risk of exposing the entire organization, and its patients, to an attacker.
Healthcare organizations, which already require HIPAA compliant email, can add an extra level of security by implementing Paubox Email Suite Plus. On top of providing email encryption on outbound email and inbound email security, our patented ExecProtect feature stops clone phishing attempts before they even hit your inbox.
ExecProtect identifies and quarantines display name spoofing emails. Eliminating these clever disguises from inboxes significantly reduces the chance of someone clicking on a malicious link or attachment.
Use HIPAA compliant email software to eliminate clone phishing attacks
Clone phishing attacks not only present a great threat to individuals, but to healthcare organizations as a whole. It’s crucial that email users can recognize clone phishing attempts and stop them in their tracks before a hacker gains access to even more critical information.
Keep your organization safe by not only educating employees on how to prevent clone phishing attacks, but also by adding HIPAA compliant safeguards that will block malicious emails and protect against phishing scams.