Phishing continues to rank as one of the most common types of cyber threats facing businesses today. Research conducted by Proofpoint found that 74% of U.S. businesses have been the victim of phishing. Some phishing attacks target large businesses, but many of them target medium- and small-sized businesses. There are different types of phishing attacks, one of which is clone phishing. Regardless of your business’s size, you should take measures to protect it from clone phishing.

What Is Clone Phishing?

Clone phishing is a type of phishing attack that involves cloning a legitimate email and using it for malicious, phishing-related purposes. All phishing attacks, of course, are designed to trick businesses or individuals into revealing sensitive information. An attacker may impersonate a business while asking victims to log in to their account or otherwise provide the attacker with sensitive information.

Clone phishing is a specific type of phishing attack that leverages a cloned email. The attacker will take a legitimate email sent from a legitimate business and clone it. After cloning the email, the attacker will modify it so that he or she can trick victims into revealing sensitive information. The attacker will then send this cloned, malicious email to victims.

How to Protect Your Business From Clone Phishing

Because it involves malicious emails that look identical to legitimate emails, clone phishing is a concern for businesses. You may receive an email that looks like it was sent from a real business. After following the link in the email, though, you may inadvertently provide the attacker with sensitive information. How exactly do you protect your business from clone phishing?

Checking the links in emails before clicking them can protect your business from clone phishing. The malicious emails used in clone phishing attacks look identical to legitimate emails. With that said, they typically have modified links. The links won’t point to the legitimate business’s website. Rather, they’ll point to the attacker’s website. Before clicking a link in an email, check the destination to ensure that it’s legitimate.

You should check the address of the sender as well. Attackers can clone the copy and design of legitimate emails. They can’t, however, clone the sender address. If an email has a suspicious-looking sender address, don’t interact with it. Instead, mark it as spam so that you don’t receive any additional emails from the same sender.
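The link and sender checks described above can also be run automatically on a saved message. The following Python code is an added example, not part of the original article; the trusted domain list and the sample message are constructed for illustration, and it assumes a single-part HTML email.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the real sender is known to use (constructed for this example).
TRUSTED_DOMAINS = {"example-bank.com"}

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)

def is_trusted(host):
    """True only if host is a trusted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)

def check_email(raw):
    """Return (kind, value) findings for an untrusted sender or link destination."""
    msg = message_from_string(raw)
    findings = []
    _, addr = parseaddr(msg.get("From", ""))
    if not is_trusted(addr.rpartition("@")[2]):
        findings.append(("sender", addr))
    collector = LinkCollector()
    collector.feed(msg.get_payload())  # single-part message: payload is the HTML text
    for href in collector.hrefs:
        # Compare the real destination host, not the text shown to the reader.
        if not is_trusted(urlsplit(href).hostname):
            findings.append(("link", href))
    return findings

# Constructed sample: a copy of a routine notice with the sender and one link changed.
SAMPLE = """From: Example Bank <alerts@example-bank.com.mail-notice.test>
Subject: Your statement is ready
Content-Type: text/html

<p>View your <a href="https://www.example-bank.com/help">help page</a> or
<a href="https://example-bank.com.login-check.test/signin">sign in</a>.</p>
"""

if __name__ == "__main__":
    for kind, value in check_email(SAMPLE):
        print(kind, value)
```

The match is made on the end of the hostname, so an address that merely starts with the trusted name is still reported.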

If you’re unsure whether an email is legitimate, contact the business or person who sent it directly. You can call them, for instance, to see if they really sent the email. If they didn’t, it’s safe to assume the email is part of a phishing attack.