Clone Phishing

What is Clone Phishing and how to prevent it

Clone phishing is a sneaky and dangerous type of cyberattack. It relies on trust and familiarity to trick people into sharing sensitive information or taking harmful actions.

Cybercriminals copy (or ‘clone’) emails and websites from genuine sources, creating exact replicas with subtle changes – like switching links or attachments for malicious alternatives.

These replicas are very convincing, making it hard to distinguish them from genuine communications, and can cause untold damage to businesses and individuals.

What is Clone Phishing?

Clone phishing is a type of cyber-attack where a cyber threat actor creates a fake email to trick recipients into believing it comes from a trusted source. The goal is to steal your login credentials or personal data.

In some ways, it’s similar to spear phishing. Unlike spear phishing, however, clone phishing emails are sent to hundreds of people at once. The messages are not targeted to each recipient and often do not use your name.

Instead, the hackers directly copy (or ‘clone’) the content of a legitimate brand email, then simply replace the original links and attachments with malicious URLs and malware.

This can make it hard to identify as a fake.

Signs of a Clone Phishing email

The signs of a clone phishing email are often more subtle than a traditional phishing attempt and will vary depending on the business the attacker is trying to impersonate.

One common clone phishing tactic is to re-send legitimate content with additional instructions.

For instance, you might receive an email from your favourite brand. Later, you receive a second, identical email – with a note claiming they included the wrong link or forgot to add an attachment.

Other common signs of clone phishing to look for include:

  • Urgent language – Click NOW to cancel your payment!!!
  • Poor spelling or grammar – Congratulation!
  • Strange or incorrect greetings – Hello valued customer.
  • Time-sensitive “offers” – Your discount link will expire in 12 hours!!!
  • Unfamiliar attachments – shippinginvoice.pdf
  • Suspicious or insecure URLs
  • Claims to be a reply in the subject line – Re: Collect your FREE GIFT!
  • Pixelated or low-quality images
  • Dodgy design elements

How to prevent clone phishing attacks

You may not be able to stop clone phishing emails from landing in your inbox, but you CAN learn how to recognise them and prevent the hackers from gaining access to your data.

Clone phishing attacks can be especially tricky for people who are used to receiving dozens of emails from digital services like PayPal and Google, or online marketplaces like eBay and Amazon.

Learning how legitimate businesses normally communicate with you will also help you spot the subtle differences of a clone phishing email.

It’s important to pause, pay attention and verify each email before clicking or downloading anything. Remember, they can only steal your data if you engage with them.

Here are some more ways you can help stop a clone phishing attack:

  • Install strong anti-virus and anti-spam software. These programs can help filter potential phishing attacks before they even land in your inbox.
  • Review the email address. A fake sender address can look identical to the official one, but a closer look may reveal an extra or missing letter that identifies it as a spoof.
  • Preview every link before clicking. Hover over each link to see where it really leads and compare that address with the brand’s usual domain. Check for incorrect spellings or dodgy domain names; a top-level domain you don’t expect from that brand, such as .net or .io, can be a sign of a scam.
  • Look for SSL certificates. Secure websites use an https prefix, which browsers usually show as a closed padlock. If a site has no valid certificate: do NOT enter your personal information or login details – your data could be at risk. Bear in mind that the padlock only means the connection is encrypted, not that the site is genuine; cloned websites frequently have valid certificates too, so always check the domain as well.
  • Use a password manager. Pay attention if your password manager doesn’t auto-fill your login on a website like it usually would – you may be on a cloned website with a different (and unsafe) domain.
  • Contact the brand. The fastest way to confirm whether an email is real or fake is to contact the brand directly via their official channels.
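The two address checks above (review the sender’s address, preview each link’s real destination) can be automated, for example in a mailbox rule or a mail gateway. The script below is an added example and is not part of the original article or of Phishing Tackle’s products. It parses a constructed sample message modelled on the “we sent the wrong link” re-send described earlier, and flags a sender domain that is one edit away from a known brand, a brand name buried in a subdomain, a link whose visible text shows one domain while its href goes to another, and a link that uses plain http. The brand list, the sample message and the one-edit threshold are assumptions for illustration; the registrable-domain helper keeps only the last two labels of a hostname, which is a simplification that misjudges suffixes such as co.uk.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# Assumed list of brands the recipient normally hears from (constructed for this example).
KNOWN_BRAND_DOMAINS = {"paypal.com", "google.com", "ebay.com", "amazon.com"}

# Constructed sample modelled on the "wrong link" re-send tactic; not a real message.
SAMPLE_EMAIL = """\
From: "PayPal Customer Care" <service@paypai-secure.example>
To: customer@example.net
Subject: Re: Your receipt (corrected link)
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hello valued customer,</p>
<p>Apologies, our earlier message included the wrong link. Please review your payment here:</p>
<p><a href="http://paypal.com.verify-account.example/login">https://www.paypal.com/myaccount</a></p>
<p>Your discount link will expire in 12 hours!!!</p>
</body></html>
"""


def levenshtein(a: str, b: str) -> int:
    """Edit distance: number of single-character changes that turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname. Simplification: wrong for suffixes such as co.uk."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def brand_impersonated(host: str, brands=KNOWN_BRAND_DOMAINS, max_distance: int = 1) -> Optional[str]:
    """Return the brand a hostname imitates, or None if it is the brand's own domain or unrelated.
    Catches the brand name used as a subdomain (paypal.com.verify-account.example) and
    one-letter lookalikes (paypai-secure.example). Short brand names raise the false-positive rate."""
    host = host.lower().rstrip(".")
    if registrable_domain(host) in brands:
        return None
    tokens = re.split(r"[.-]", host)
    for brand in sorted(brands):
        brand_name = brand.split(".")[0]
        if any(t == brand_name or levenshtein(t, brand_name) <= max_distance for t in tokens):
            return brand
    return None


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element in an HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._current: Optional[List[str]] = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def extract_links(html: str) -> List[Tuple[str, str]]:
    parser = _LinkCollector()
    parser.feed(html)
    parser.close()
    return parser.links


def analyse_message(raw: str) -> List[Tuple[str, str]]:
    """Run the sender and link checks over one raw message; returns (code, detail) findings."""
    msg = message_from_string(raw, policy=default)
    findings: List[Tuple[str, str]] = []

    # 1. Review the sender address: is its domain a lookalike of a brand we know?
    sender_domain = msg["From"].addresses[0].domain if msg["From"] else ""
    brand = brand_impersonated(sender_domain)
    if brand:
        findings.append(("sender_lookalike", f"{sender_domain} resembles {brand}"))

    # 2. Preview every link: where does it really go, and does that match what is shown?
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    for href, text in extract_links(html):
        target = urlparse(href)
        if target.scheme == "http":
            findings.append(("plain_http", href))
        if target.hostname:
            brand = brand_impersonated(target.hostname)
            if brand:
                findings.append(("link_lookalike", f"{target.hostname} resembles {brand}"))
            shown = urlparse(text).hostname if "://" in text else None
            if shown and registrable_domain(shown) != registrable_domain(target.hostname):
                findings.append(("link_text_mismatch", f"shows {shown}, goes to {target.hostname}"))
    return findings


if __name__ == "__main__":
    for code, detail in analyse_message(SAMPLE_EMAIL):
        print(f"{code:20s} {detail}")
```

Running the script on the constructed sample reports all four findings; a genuine message from www.paypal.com with matching link text produces none. The checks are heuristics to surface mail for a closer look, not a verdict: a clone that uses an unrelated registered domain and matching link text would pass them, which is why the manual habits above still matter.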

If you think your data has been compromised by a clone phishing attack, you should alert your bank and change your passwords immediately through the official channels.


Protect your business from clone phishing attacks

For a business, employees are the best line of defence against cyber-attacks like clone phishing. All the firewalls and antivirus software in the world can’t protect you from human error.

Just one unintentional click from the right (or wrong) person could put your business’ data in jeopardy, causing financial losses and heavy damage to your reputation.

Phishing Tackle’s simulated email testing can help pinpoint the professionals in your organisation who are most at risk from clone phishing attacks.

We also offer security awareness training, with a platform of up-to-date educational materials that will ensure your staff are trained to spot phishing attempts and other online scams.