What is Clone Phishing?

  • By Bryan Lee
  • Nov 04, 2022


For most people, the internet is a poorly guarded vault holding all their personal data. Cybercriminals are constantly creating new ways to bypass security and steal that information.

The cyberterrorism represented in movies has a lot of flash. Long strings of numbers arc across the screen as the genius hacker works their magic. But the truth is that most attacks don't require much skill—just a moment of inattention or laziness from an individual.

Phishing and other social attacks make up an overwhelming majority of all cybercrimes. Clone phishing is among the most believable phishing strategies that criminals use.

What is Clone Phishing?

Clone phishing is a phishing attack that uses email messages to trick users into giving up sensitive information. These emails appear nearly identical to official emails sent by specific organizations and include links that automatically install malware when clicked. Victims unwittingly click the links, believing they're communicating with a trusted and legitimate source.

High-effort clone phishing scams will even recreate entire websites and social media pages to trick their victims. These spoofed sites are indistinguishable from legitimate ones and aim to steal the target's login credentials.

It's also sometimes called "brand spoofing" or "social engineering"—as opposed to technical attacks—because it relies on humans being tricked rather than computers being hacked.

Clone Phishing Examples

In 2015, a series of phishing attacks targeted Star Wars fans who were excited about The Force Awakens. The emails impersonated popular Star Wars-themed social media groups and leveraged fans' desperation to get tickets. It didn't help that tickets were selling for $100 each with multiple months left before the movie's release.

A common kind of clone phishing email imitates banks or financial institutions. The email security company Vade found that over a third of phishing URLs pretended to come from financial services. The message typically mentions some suspicious activity or security breach that requires immediate action. The hope is to use people's financial fear to force them into making a hasty decision.

Similar strategies are used under the guise of social media sites, government agencies, and trusted retailers. Clone phishing is an increasingly dangerous psychological attack as scammers learn more about each individual.

Recognizing a Clone Phishing Email

Telling a cloned email apart from a legitimate one isn't always easy. It takes a lot of energy to remain vigilant at all times, but luckily, detecting a phishing attack is mostly intuition. So, knowing the warning signs goes a long way in protecting yourself.

Grammatical Errors

Phishing clones do their best to mimic the language and professionalism of trusted organizations, but that isn't always possible. Artificial intelligence programs even write emails for some scams, so the quality can vary widely depending on the program's sophistication. Carefully read your emails, and don't give the sender the benefit of the doubt when it comes to spelling issues.

Unfamiliar Email Address

Anyone who has made an email account knows that most names are hard to get. There are probably over ten thousand "John.Smith" email address variations. Providers don't allow duplicates, so scammers have to settle for the next best thing. They'll use similar-looking characters in place of others to emulate the official email address. A simple but hard-to-catch example is replacing a lowercase "L" with an uppercase "I."
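The character-swap check described above can be automated. The following is an added example, not part of the original article: it folds lookalike characters to a common "skeleton" and flags any sender that looks like a trusted address but is not the same address. The addresses, the `TRUSTED_SENDERS` list and the small lookalike table are constructed for illustration.

```python
import unicodedata
from typing import Optional, Tuple

# Constructed allow-list of senders the recipient expects mail from.
TRUSTED_SENDERS = {"alerts@globalbank.example", "no-reply@shop.example"}

# Characters that render like another one in many fonts. Illustrative subset,
# not a full confusables table. Applied before lowercasing so "I" stays distinct.
LOOKALIKES = str.maketrans({
    "I": "l", "1": "l", "|": "l",                  # uppercase i, one, pipe -> l
    "0": "o",                                      # zero -> letter o
    "\u0430": "a", "\u0435": "e", "\u043e": "o",   # Cyrillic a, e, o
})


def canonical(address: str) -> str:
    """The address as mail systems compare it (assumes case-insensitive mailboxes)."""
    return unicodedata.normalize("NFKC", address.strip()).lower()


def skeleton(address: str) -> str:
    """The address as a reader's eye sees it, with lookalike characters folded."""
    folded = unicodedata.normalize("NFKC", address.strip()).translate(LOOKALIKES)
    return folded.lower().replace("rn", "m")   # "rn" reads as "m" at a glance


TRUSTED_SKELETONS = {skeleton(a): a for a in TRUSTED_SENDERS}


def classify_sender(address: str) -> Tuple[str, Optional[str]]:
    """Return (verdict, imitated_address)."""
    if canonical(address) in TRUSTED_SENDERS:
        return ("trusted", None)
    imitated = TRUSTED_SKELETONS.get(skeleton(address))
    if imitated is not None:
        return ("lookalike", imitated)   # looks the same, is a different address
    return ("unknown", None)


if __name__ == "__main__":
    for sender in ("alerts@globalbank.example", "alerts@gIobalbank.example",
                   "no-reply@sh0p.example", "friend@mail.example"):
        print(sender, "->", classify_sender(sender))
```

A "lookalike" verdict is the strong signal: an unknown sender is merely unfamiliar, while a lookalike was chosen to be mistaken for someone you trust.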

Ordering Urgent Action

Emails that play on a target's sense of urgency are the easiest to spot and should be treated with the utmost caution. Frequent scare tactics threaten punitive actions like account closures, financial loss, or identity fraud. Despite how shady this sounds, the anxiety they create forces many people to ignore their suspicions and take hasty action.

How to Avoid Clone Phishing

The easiest way to avoid clone phishing scams is to never interact with suspicious emails. However, there's always a chance that we're wrong. Maybe that email truly was a warning from the bank about suspicious activity. 

Sometimes we need to act, but that doesn't mean blindly clicking on every link that pops up. The increased security features of anti-malware and email providers provide many options to keep ourselves safe.

Confirm URLs

This precaution is similar to checking the sender's email address, but it takes a little more effort due to how complicated some URLs can be.

Just like email addresses, no two websites share the same address. Scammers will change a small part of it and keep the rest the same. Some common changes include switching the top-level domains (.com, .org, .net) or using "HTTP" instead of the more secure "HTTPS."

If you've already clicked a suspicious link, then Google the official website (it will usually be the first result) and compare the two pages.

Contact the Sender Directly

If you're familiar with who the sender is attempting to impersonate, then reach out directly. This communication can be the quickest way to confirm an attempted clone phishing attack.

If the suspected party is a large corporation, then call through their professional line and ask for verification. Chances are that the company doesn't even have you on their email list.

Anti-Spam Software

Anti-spam software has grown a lot in the past decade out of necessity. It can both identify phishing sites and scan links for dangerous messages. Most anti-spam software not only detects threats but also keeps a log of known phishing sites and automatically filters them out.

Take Advantage of Password Managers

On top of being one of the most impactful "quality of life" additions to internet browsers, password managers are perfect for detecting cloned websites. Once a user has logged in at a website's official URL, the password manager can record it for future use. So, if they ever wind up on a fake website, the password manager won't recognize it and won't autofill the login credentials.
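The URL comparison from "Confirm URLs" and the password manager behavior described above come down to the same check: does the link's scheme and host exactly match the official site's? The following is an added example, not part of the original article. It uses the reserved example.com/.org/.net domains as constructed stand-ins, and its exact-origin `autofill` is a simplified model of how password managers match sites, not any specific product's logic.

```python
from urllib.parse import urlsplit

OFFICIAL = "https://login.example.com/"        # constructed official login URL
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url: str) -> str:
    """Scheme + host (+ non-default port): the part that identifies the site."""
    parts = urlsplit(url)
    scheme, host = parts.scheme.lower(), (parts.hostname or "").lower()
    if parts.port is None or parts.port == DEFAULT_PORTS.get(scheme):
        return f"{scheme}://{host}"
    return f"{scheme}://{host}:{parts.port}"


# Constructed vault: the origin recorded at the first login on the official site.
VAULT = {origin(OFFICIAL): "placeholder-credential"}


def autofill(url: str):
    """Offer the saved login only on an exact origin match (simplified model)."""
    return VAULT.get(origin(url))


def compare_to_official(url: str, official: str = OFFICIAL) -> list:
    """Name what differs between a link and the official URL."""
    link, real = urlsplit(url), urlsplit(official)
    link_host = (link.hostname or "").lower()
    real_host = (real.hostname or "").lower()
    findings = []
    if link.scheme.lower() != real.scheme.lower():
        findings.append("scheme-mismatch")         # e.g. http instead of https
    if link_host != real_host:
        # Naive split on the last dot; multi-label suffixes need a suffix list.
        same_name = ("." in link_host and
                     link_host.rpartition(".")[0] == real_host.rpartition(".")[0])
        findings.append("tld-swap" if same_name else "different-host")
    return findings


if __name__ == "__main__":
    for link in ("https://login.example.com/account", "https://login.example.org/account",
                 "http://login.example.com/account"):
        print(link, compare_to_official(link), "autofill:", autofill(link) is not None)
```

The path and query string are ignored on purpose: a cloned page can copy those freely, but it cannot serve from the official scheme and host.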


Clone phishing is a growing problem that can cause severe damage to individuals and organizations alike. Preparing with the proper defensive measures is essential to protecting your vital information from malicious scammers.

Learning to recognize clone phishing when it happens will take some effort at first. But soon, you'll notice the warning signs intuitively and effortlessly take the appropriate action to remain safe online.
