
What is a Clone Phishing Website?
As cyberattacks against brands become more aggressive, it’s no surprise that domain names are being used more frequently in clone phishing attacks. In clone phishing, an attacker creates a website or email that appears to come from a legitimate source, such as a trusted company or organisation. The attacker uses a domain name that is very similar to the legitimate domain name, for example by changing a single letter or adding an extra word. If the legitimate domain name is “brand.com,” the attacker may use a domain name such as “bramd.com” or “brand-security.com.”
The attacker then sends an email that appears to be from the legitimate organisation but contains a link to the fraudulent website. The link may deliver malware or, in many cases, lead to a page that encourages users to enter sensitive information, such as login credentials or credit card details, which the attacker then steals.
Cybersecurity experts are locked in a shadow war with bad actors leveraging Fraud-as-a-Service (FaaS) infrastructure to spin up clone websites at scale. Brands often face hundreds of replicas appearing within days, clustered in close proximity online, optimised for search engines, and designed to trick customers into surrendering sensitive information. In many ways, traditional brand protection methods have not kept up, which we have detailed in our article Clone Wars: Brand Protection Versus FaaS.
How are Domain Names used in Clone Phishing Scams?
Domain names are the backbone of many phishing attacks as they allow for the deployment of a fake website and fake email.
Typo squatting, also known as URL hijacking or domain mimicry, is a type of cyber attack in which scammers register domain names that are very similar to legitimate domain names, but with small typographical errors or misspellings. The scammers then use these similar domain names to trick unsuspecting users into visiting their fake websites instead of the legitimate ones. For example, they might register a domain name like “gmial.com” instead of “gmail.com”, or “facbook.com” instead of “facebook.com”.
Typo squatting is commonly used in phishing attacks because it can be very effective at tricking users who are not paying close attention to the URL they are visiting. By registering domain names that are just slightly different from legitimate ones, scammers can make their fake websites look very similar to the real ones, making it more likely that users will fall for the scam.
Clone Phishing Example: Google and Facebook Invoice Scam
A swindler from Lithuania managed to defraud Google and Facebook of more than $100 million between 2013 and 2015, using a fake invoice scam that involved impersonating a well-known Asian-based manufacturer. The scammer copied the domain name, website and email to make it look like they were the real deal. In just two years, the perpetrator sent numerous fraudulent invoices, some of them valued at several million dollars, that closely resembled legitimate bills from the supplier. The scheme even featured fabricated contracts and letters, allegedly signed by representatives of the tech giants. It wasn’t until after the fact that Google and Facebook realised the extent of the deception, having already paid out an enormous sum of money. See also our article on invoice scams.
Defending against Clone Phishing Attacks
To avoid falling victim to clone phishing attacks, brands should actively monitor for identical and confusingly similar domain name registrations. Domain name monitoring can pick up domain names that host fake websites and get them suspended before they cause significant damage.
The other tool brands have in the fight against clone phishing attacks is DMARC, an email authentication protocol that helps prevent email spoofing and phishing attacks. Organisations can use DMARC to authenticate their emails and prevent attackers from using their domain name to send fraudulent emails. DMARC protects only the brand’s own domain; it does not cover lookalike domains, which is why it complements domain name monitoring rather than replacing it.
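The domain name monitoring described above can be sketched as a filter over a feed of newly registered domains. This is an added example, not brandsec's tooling: the function names, the one-edit threshold and the sample feed are assumptions, and feed entries are assumed to be registrable domains.

```python
def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and adjacent swap each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent transposition
    return d[len(a)][len(b)]


def classify(candidate, brand_domain, max_edits=1):
    """Return why `candidate` resembles `brand_domain`, or None if it does not."""
    cand = candidate.strip().lower().rstrip(".")
    brand = brand_domain.lower()
    if cand == brand or cand.endswith("." + brand):
        return None  # the brand's own domain or one of its subdomains
    # Assumption: feed entries are registrable domains, so the name is the first label.
    name, brand_name = cand.split(".")[0], brand.split(".")[0]
    if name == brand_name:
        return "identical name under another TLD"
    if brand_name in name.split("-"):
        return "brand name plus extra word"
    edits = osa_distance(name, brand_name)
    if edits <= max_edits:
        return f"typo variant ({edits} edit)"
    return None


def monitor(feed, brand_domain):
    """Return (domain, reason) pairs for feed entries worth a manual review."""
    hits = []
    for domain in feed:
        reason = classify(domain, brand_domain)
        if reason:
            hits.append((domain, reason))
    return hits


# Constructed sample of newly observed registrations (not real feed data).
SAMPLE_FEED = ["bramd.com", "brand-security.com", "brand.com", "shop.brand.com",
               "brand.example", "example.org"]

if __name__ == "__main__":
    for domain, reason in monitor(SAMPLE_FEED, "brand.com"):
        print(f"{domain}: {reason}")
```

A one-edit threshold produces false positives for short brand names, so hits are candidates for review rather than confirmed abuse.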
About brandsec
brandsec is a team of highly experienced domain name management and online brand protection experts. We provide corporate domain name management and brand enforcement services, helping brands eliminate phishing platforms across the internet. Supporting some of the largest brands in the region, we offer innovative solutions to combat threats across multiple industries.