b'ClonePhishing Jack Gerbs, QuanexusClonephishingattacksareanewtypeofsocial engineeringattackthatcanbemoredifficultto detect than typical phishing emails. Clone phish-ingattacksgenerallyuseacloneofalegitimate emailtoenticeuserstoclickalinkorenter information.Astandardclonephishingtactic would be an email that looks like its from PayPal onthesamedayofthemonthyoutypically receiveyouraccountbalancenotification.The emailwouldlookexactlyliketheoneusers receive every month and might even show a high orpast-duebalancetocreateurgencyandmake users more likely to click the link.Another form of clone phishing can be a follow-up toaninitialemail.Clonephishingemailscan appeartocomefromacompanyorcolleaguesinside your business if a business email compro-mise (BEC) has occurred. Hackers will resend the previousemailandre-fertoupdatedlinksor resourcesinthenewemail.Sincetheattackis basedonapreviouslyreceivedemail,usersare more likely to click on the new email to see what changed. Cloning the original email creates a more trusting environment where users are less likely to check links or email addresses. In the event of a business email compromise, the email could come from a real and trusted email address, increasing thelikelihoodthatuserswillclickthemalicious link.Like other phishing campaigns, the malicious links ask for personal information, login credentials, or credit card information which should be the first red flag for users. Criminals are also using clone phishingtacticstoinstallmalwarewhichcanbe more challenging to detect.Users should be aware of this new phishing tactic andberemindedtothinkbeforeyouclick especiallyduringtheholidayseason.Likeother phishingtactics,criminalstrytocreateurgency with clone phishing to steal data. 23'