Information Security

Clone Phishing Scams



The university and its departments often use email to send important information to faculty, staff, and students. If someone sends out an email that’s missing information, they may send you a follow-up email. Now, cybercriminals are using a technique called “clone phishing” to imitate these follow-up emails and manipulate you.

The scam begins with cybercriminals hijacking an email account from a legitimate organization. They use the hijacked account to locate and clone a legitimate email that was previously sent to you. The cybercriminals make the cloned email look like a typical follow-up email by adding text claiming that the original email was missing an attachment with urgent information. If you download the attachment contained in the cloned email, you won’t receive important details about the original message. Instead, you’ll download malware that allows cybercriminals to steal your sensitive information.
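For anyone who administers a mailbox or mail gateway, the pattern described above (a repeat of an earlier message from the same account, now carrying an attachment the original lacked) can be checked mechanically. The Python below is an added example, not part of the university's guidance; the addresses, file names, function names and the 0.7 similarity threshold are assumptions made up for illustration.

```python
import difflib
from email.message import EmailMessage
from email.utils import parseaddr

def body_words(msg):
    """Words from the text/plain parts that are not attachments."""
    words = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain" and not part.is_attachment():
            words += part.get_content().split()
    return words

def attachment_names(msg):
    """File names of every part marked as an attachment."""
    return {p.get_filename() for p in msg.walk() if p.is_attachment()}

def looks_like_clone(earlier, incoming, threshold=0.7):
    """Flag `incoming` if it repeats `earlier` from the same sender and adds a file."""
    same_sender = (parseaddr(str(earlier["From"]))[1].lower()
                   == parseaddr(str(incoming["From"]))[1].lower())
    new_files = attachment_names(incoming) - attachment_names(earlier)
    # Word-level comparison; autojunk off so common words are not discarded.
    ratio = difflib.SequenceMatcher(
        None, body_words(earlier), body_words(incoming), autojunk=False).ratio()
    return same_sender and bool(new_files) and ratio >= threshold

def make_msg(sender, subject, body, attachment=None):
    """Build a constructed sample message (all values are made up)."""
    msg = EmailMessage()
    msg["From"], msg["Subject"] = sender, subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg

# Constructed sample data: an original notice, a cloned "follow-up", an unrelated mail.
NOTICE = ("The registrar's office will close early on Friday for scheduled "
          "maintenance. Transcript requests submitted after noon will be "
          "processed the following Monday. Contact the front desk with questions.")
ORIGINAL = make_msg("Registrar <registrar@university.example>", "Office hours", NOTICE)
FOLLOW_UP = make_msg("registrar@university.example", "Office hours",
                     "Our earlier email was missing an attachment with urgent "
                     "information.\n\n" + NOTICE, attachment="details.zip")
UNRELATED = make_msg("registrar@university.example", "Fall calendar",
                     "The fall academic calendar is attached.", attachment="calendar.pdf")

if __name__ == "__main__":
    print(looks_like_clone(ORIGINAL, FOLLOW_UP))   # cloned follow-up
    print(looks_like_clone(ORIGINAL, UNRELATED))   # ordinary new message
```

A match here is a reason to verify the message with the sender, not proof of malice: genuine follow-up emails have the same shape.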

Follow these tips to stay safe from clone phishing scams:

  • Don’t trust that an email is legitimate JUST because it was sent through a trusted email address. Cybercriminals can use stolen email addresses to make their scams appear more believable.
  • Watch out for a sense of urgency in messages that you receive. Phishing attacks rely on impulsive actions, so always think before you click.
  • Never click a link or download an attachment from a message that you aren’t expecting.

Lastly, if you have questions about the legitimacy of an email, pick up the phone and call the sender using a phone number from a trusted directory.