Cybercriminals today are constantly developing new and improved methods of deceiving their victims. One common type of cybercrime is a type of communication scam called phishing. In phishing attacks, the perpetrator sends a fraudulent email or other type of message to their victim/victims in an attempt to steal information or money from them. These communications are often cleverly disguised – the attacker will steal logos or other recognizable identifying information from a reputable company to make their message appear legitimate. The messages will prompt you to click a link, enter information, or even just send a reply, which will then give the cybercriminal the information they need to hack your accounts, steal money from you, or install malware on your devices. Phishing can come in many forms, and one newer type being used now is called clone phishing.
In a clone phishing attack, the perpetrator will send a ‘follow-up’ message to another legitimate email previously received by the victim. These attacks happen when the cybercriminal has already compromised the email of the initial sender, gaining access to their contacts and sent emails. They will then resend emails that have already been sent with an additional message claiming that they forgot to include recipients, attachments, are other information. The added information is where the scam comes into play. By clicking on the new link or attachment that has been replaced or added in the original email, you’ve now fallen into the perpetrator’s trap and your security is now compromised. These emails are hard to spot, especially since they appear to be sent from a legitimate source, but it is always important to never click links or give information without verifying the authenticity of the email, particularly in a ‘forwarded’ (FW: ) or ‘replied’ (RE: ) message.
This tactic is easier to perpetrate given marketing efforts ‘to bump this email back to the top of your inbox’ as we’ve likely all seen lately. Or language used that suggests that you’ve already been in contact about their product/service and that you requested the information they’re sending and they are just getting back to you as you requested… these tactics, used by salespeople to gain an audience with you, may be useful to a cybercriminal hoping to catch you busy and trying to get through your inbox before the end of the day or ahead of the weekend.
If you ever see a duplicate email like this, make sure to examine the email with a critical eye. Email filters often do not spot and filter out phishing attempts like these since the email account being used is a trusted source. If you are concerned about the legitimacy of the message, send a completely new message to the sender, preferably through a different platform, and ask about the email. This could help you avoid a data breach and inform the sender that their account has been compromised. Use a phone number or website to contact the person that you know is legitimate to inquire about the situation. Also, there are methods you can use to check links in an email. One simple way to do this is to hover over the hyperlink. The extended version of the link should appear on your screen; if it is one that you don’t recognize, do not click on it. You can also compare it to the first email you received to see if it is the same, if you still have access to the original.
Anti-malware software and other data security measures can also help a ton when it comes to the security of your accounts and information. If you have unfortunately fallen victim to a cyberattack, there are resources you can use to help. The Federal Trade Commission (FTC) is an organization that you should report any suspicious activity and fraudulent emails to. And, of course, having a trusted IT partner to manage your technology is always a smart decision since they can help manage and protect your data. They will be able to help you identify fraudulent emails if needed. These cybercriminals want to deceive you, so being educated on their tactics is the most reliable defense we can use to stop them.
Read our previous post here: Not All Monitors Are Created Equal: How To Pick The Best Monitor For You