Republic of the Philippines
National Police Commission
PHILIPPINE NATIONAL POLICE
Camp BGen Rafael T Crame, Quezon City
ACG-CYBER SECURITY BULLETIN NR 232: UNDERSTANDING THE RISK OF CLONE PHISHING
Reference Number ACG-CSB 011022232
The following information was obtained from different cyber security sources for notification to all parties concerned pursuant to the mandate of the Philippine National Police Anti-Cybercrime Group (PNP ACG) and classified as “Restricted” pursuant to the PNP Regulation 200-012 on Document Security and Impact Rating as high based on PNP Information Communication Technology (ICT) Security Manual s.2010-01 p. 22 and p.129.
In this modern and digital world, internet users have become accustomed to receiving an extraordinarily high volume of emails from companies, organizations, and service providers. Although it can be irritating to receive so many emails on a regular basis, most people don’t think twice about it and place a great deal of trust in the veracity of the email senders. However, it’s this very trust that often places victims at the center of online attacks.
In clone phishing, a hacker clones a legitimate email message word-for-word from a trusted organization or business. Clone phishing is harder to detect because the official-looking email appears to come from a reputable source. The attack occurs through your email and rides on the trust that you place in emails received from reliable sources. Unknown to you and everyone else, online attackers take advantage of this trust and literally clone the email to carry out malicious activities.
Hackers use display name spoofing to add a layer of legitimacy, fooling many receivers into believing they’re actually looking at an email from a company they trust. The hacker carefully edits the once-genuine email message by replacing links so that they redirect the receiver to fake websites, or by attaching malicious files that the user is prompted to open. Once a victim falls for the fake email, the hacker can then forward the same cloned message to the contacts from the victim’s email account. Because the hacker impersonates email addresses from reputable sources, email recipients are much more likely to fall for the attack and open the malicious link or attachment.
Online clone phishing is a reality with harmful intent. The weakest link is that users do not suspect or doubt the goal, especially since the spoofed email ID or the sender’s name appears genuine and trustworthy.
All PNP personnel as well as the public are advised to follow the tips below to avoid the risk of CLONE PHISHING:
- Always check the sender’s email message;
- Before clicking on any landing page, hover over the link in the email to ensure its authenticity first;
- Make sure to follow up with the organization that has sent the email;
- Keep your credentials secure by not sharing them with anyone;
- Look out for suspicious errors in the email as cloned emails are not 100% legitimate in looks;
- Submit your information only to websites that have an “HTTPS” prefix before the URL of the website;
- If an email appears strange in any way, contact the sender with a phone call to confirm the legitimacy of the email;
- If you receive an email from a source you know but it seems suspicious, contact that source with a new email, rather than hitting “reply”;
- Scan all attachments for viruses or malicious code;
- Verify shared links to ensure that they do not lead to fraudulent websites or dangerous code; and
- Check for spelling and grammatical errors which can indicate that an email is fraudulent or malicious. Also, keep an eye out for suspicious subject lines and signatures.
For additional information, please refer to this website:
POINT OF CONTACT