Cybercriminals are hijacking email accounts from legitimate organizations to clone and send fake follow-up emails with malicious attachments.
Organizations often use email to send important information to their customers. If an organization sends out an email that’s missing information, it may send you a follow-up email. Now, cybercriminals are using a technique called “clone phishing” to imitate these follow-up emails and manipulate you.
To start the scam, cybercriminals hijack an email account from a legitimate organization. They use the hijacked account to find an email that was previously sent to you and clone it. To make the clone email look like a typical follow-up email, the cybercriminals add text that claims the original email was missing an attachment with urgent information. If you download the attachment in the clone email, you won’t receive important details about the original message. Instead, you’ll download malware that allows cybercriminals to steal your sensitive information.
Follow the tips below to stay safe from clone phishing scams:
- Don’t trust that an email is legitimate just because it was sent from a trusted email address. Cybercriminals can use stolen email addresses to make their scams more believable.
- Watch out for a sense of urgency in messages that you receive. Phishing attacks rely on impulsive actions, so always think before you click.
- Never click a link or download an attachment in a message that you aren’t expecting.
Stop, Look, and Think. Don’t be fooled.
DISCLAIMER: Any non-technical views expressed are not necessarily those of Keller Schroeder or its employee-owners.