Organizations often use email to send important information to their customers. If an organization sends out an email that’s missing information, they may send you a follow-up email. Now, cybercriminals are using a technique called “clone phishing” to imitate these follow-up emails and manipulate you.
To start the scam, cybercriminals hijack an email account from a legitimate organization. They use the hijacked account to find an email that was previously sent to you and clone it. To make the clone email look like a typical follow-up email, the cybercriminals add text that claims the original email was missing an attachment with urgent information. If you download the attachment in the clone email, you won’t receive important details about the original message. Instead, you’ll download malware that allows cybercriminals to steal your sensitive information.
Follow the tips below to stay safe from clone phishing scams:
- Don’t trust that an email is legitimate just because it was sent through a trusted email address. Cybercriminals can use stolen email addresses to make their scams more believable.
- Watch out for a sense of urgency in messages that you receive. Phishing attacks rely on impulsive actions, so always think before you click.
- Never click a link or download an attachment in a message that you aren’t expecting.
Stop, Look, & Think. Don’t be Fooled!
The HoyleCohen Cybersecurity Team