What is a Clone Phishing Scam?
As cyberattacks against brands become more prevalent, it is no surprise that domain names are being used more frequently in clone phishing attacks. Clone phishing is a type of phishing attack in which an attacker creates a website or email that appears to come from a legitimate source, such as a trusted company or organisation. The attacker uses a domain name that is very similar to the legitimate one, for example by changing a single letter or adding an extra word. If the legitimate domain name is “brand.com,” the attacker may use a domain name such as “bramd.com” or “brand-security.com.”
The attacker then sends an email that appears to be from the legitimate organisation but contains a link to the fraudulent website. The link may deliver malware or, in many cases, lead to a page that encourages users to enter sensitive information, such as login credentials or credit card details, which the attacker harvests.
How are Domain Names used in Clone Phishing Scams?
Domain names are the backbone of many phishing attacks as they allow for the deployment of a fake website and fake email.
Typosquatting, also known as URL hijacking or domain mimicry, is a type of cyber attack in which scammers register domain names that are very similar to legitimate domain names but contain small typographical errors or misspellings. The scammers then use these similar domain names to trick unsuspecting users into visiting their fake websites instead of the legitimate ones. For example, they might register “gmial.com” instead of “gmail.com”, or “facbook.com” instead of “facebook.com”.
Typosquatting is commonly used in phishing attacks because it is very effective against users who are not paying close attention to the URL they are visiting. By registering domain names that differ only slightly from legitimate ones, scammers can make their fake websites look very similar to the real ones, making it more likely that users will fall for the scam.
Clone Phishing Example: Google and Facebook Invoice Scam
A swindler from Lithuania defrauded Google and Facebook of more than $100 million between 2013 and 2015 using a fake invoice scam that involved impersonating a well-known Asian-based manufacturer. The scammer copied the domain name, website and email to make the impersonation look genuine. In just two years, the perpetrator sent numerous fraudulent invoices, some valued at several million dollars, that closely resembled legitimate bills from the supplier. The scheme even featured fabricated contracts and letters, allegedly signed by representatives of the tech giants. It was not until after the fact that Google and Facebook realised the extent of the deception, having already paid out an enormous sum of money.
Check out our article on invoice scams here.
Defending against Clone Phishing Attacks
To avoid falling victim to clone phishing attacks, brands should actively monitor for identical and confusingly similar domain name registrations. Domain name monitoring can pick up domain names that host fake websites and get them suspended before they cause significant damage.
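As an added illustration of the monitoring described above (example code written for this page, not a brandsec tool), the script below checks a feed of domain names against a brand's own domain and flags the two patterns the typosquatting section describes: labels a single edit or swap away from the brand (“bramd.com”, “gmial.com”) and labels that embed the brand with an extra word (“brand-security.com”). The domain list is constructed for the example, and the second-level-label helper assumes a single-label TLD such as .com.

```python
from typing import List, Optional, Tuple

# Constructed sample of "newly registered" domains; not a real feed (assumption).
SAMPLE_DOMAINS = ["brand.com", "bramd.com", "brand-security.com", "gmial.com",
                  "facbook.com", "example.org", "brandnews.net", "brnad.com"]

def osa_distance(a: str, b: str) -> int:
    """Edit distance that counts an adjacent swap (gmial/gmail) as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]

def sld(domain: str) -> str:
    """Second-level label; assumes a single-label TLD such as .com or .net."""
    return domain.lower().rstrip(".").split(".")[-2]

def classify(brand: str, candidate: str, max_edits: int = 1) -> Optional[str]:
    """'exact', 'typo' (within max_edits), 'compound' (brand plus extra word) or None."""
    b, c = sld(brand), sld(candidate)
    if b == c:
        return "exact"
    if osa_distance(b, c) <= max_edits:
        return "typo"       # bramd.com, gmial.com, facbook.com
    if b in c:
        return "compound"   # brand-security.com, brandnews.net
    return None

def find_lookalikes(brand: str, domains: List[str]) -> List[Tuple[str, str]]:
    """Domains from the feed worth reviewing, paired with the matching reason."""
    hits = []
    for dom in domains:
        reason = classify(brand, dom)
        if reason:
            hits.append((dom, reason))
    return hits

if __name__ == "__main__":
    for dom, reason in find_lookalikes("brand.com", SAMPLE_DOMAINS):
        print(f"{dom}: {reason}")
```

Raising max_edits catches more variants at the cost of more false positives on short labels, so the hits are a review queue for a takedown process rather than an automatic verdict.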
The other tool brands have in the fight against clone phishing attacks is DMARC, an email authentication protocol built on SPF and DKIM that helps prevent email spoofing and phishing attacks. Organisations can use DMARC to authenticate their emails and prevent attackers from sending fraudulent emails that use the brand's own domain name. Note that DMARC only protects the domains the brand publishes a policy for; mail sent from a lookalike domain the attacker registered is not covered, which is why domain name monitoring is still needed alongside it.
Contact us to learn more about how brandsec can support your business against the threat of Clone phishing attacks.
About brandsec
brandsec is an Australian domain name management provider that offers online brand management solutions to corporate and government organisations.
Our services include domain name management, domain name security, domain name policy development, dispute management, monitoring, and enforcement services. Additionally, brandsec offers a comprehensive online brand protection service that covers platforms such as websites, social media, email, and online marketplaces. The service addresses counterfeiting, fakes, copyright infringement, intellectual property (IP) matters, piracy, and other IP-related issues.