Clone Phishing: Everything You Need To Know

By Sydney Wess / 18 October 2021

Clone phishing is a type of phishing attack that involves a hacker disguising themselves as a co-worker or trusted friend by copying real emails that may have been previously sent to an address. The malicious emails are designed to appear trustworthy, so people should look for potential red flags.

Phishing attacks are on the rise and are becoming more and more sophisticated. Sure, most people aren’t going to fall for a “Nigerian prince” scam, but what about an email that looks and feels like it’s from someone you trust? 

Just as we’ve learned to evade outdated scams, hackers are learning new ways to trick people into trusting them to commit cybercrimes. 

From the years 2019 to 2020, the number of unique phishing sites more than doubled. People need to be on high alert for any communications that seem suspicious. Clone phishing has become a popular option for hackers. Avoid falling victim to a clone phishing attack by learning red flags and how to evade attacks entirely.

What Is Clone Phishing?

Clone phishing is a method used by cybercriminals to impersonate someone you trust as a means of gaining your data and information. 

This can involve copying a familiar email verbatim to earn your trust and convince you to click on either a malicious link or an attached file. Hackers may even copy the direct HTML of an email from a trusted site to make the email look just like one you would trust.  

[Image: clone phishing example email. Source: CyberX]

In particular, hackers like using email content that typically already has a link included. The image above showcases a spoofed email that appears as a convincing LinkedIn invitation. If this email is, in fact, a clone phishing email, the link will take the user to a visually similar domain that is intended to collect and steal information. 

Because these attacks look like authentic communications, they often succeed against unsuspecting users. For this reason, it’s essential to keep data safety top of mind when interacting with email communications.

Clone Phishing Red Flags

Clone phishing attacks are meant to look real, so red flags will be more difficult to spot than a basic phishing attempt. However, hackers use several common tricks to create clone phishing content that you can look out for to identify a phishing attack. 

Experts and top IT consultants recommend staying alert and attuned to these elements when determining if something is a clone phishing attack:

  • URL destination
  • Quirks in domain names

The URL destination will be displayed when users hover over a link included in an email. It’s important to check the destination of a link before ever clicking on anything. The destination can help you determine whether or not to trust a link.

For example, cybercriminals have taken to using shortened URLs to funnel people to phishing websites without appearing overtly unsafe. Similarly, criminals may be using shortened URLs to encourage people to download software or open an attachment, effectively hiding ransomware or other harmful attacks.

Domain names can also be a reliable indicator of whether or not something is a clone phishing attempt. Typically, cybercriminals will try to replicate authentic and recognizable domain names to encourage you to trust any links or attachments. However, there may be minor inconsistencies with mimicked domain names. 

For example, a common tactic is to make small changes to a familiar domain name. Replacing the letter “O” with a zero “0” is a typical example of a small change that may go unnoticed. However, these quirks can be spotted by a vigilant user who’s committed to actively preventing cyber attacks. 

These are just two of several clone phishing red flags, but these should be enough to help you determine whether or not to trust a seemingly friendly email. 
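Both red flags can also be checked automatically before a message reaches a reader. The Python sketch below is an added example, not part of the original article: it pulls every link out of an HTML email body and flags shortened URLs, digit-for-letter lookalikes of a trusted domain, and link text that names a different domain than the real destination. The allow-list, the shortener list and all domains in the sample are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"contoso.com"}                       # assumed allow-list (constructed)
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}  # assumed shortener list
DIGIT_SWAPS = str.maketrans("0135", "oles")     # "0" for "o" and similar swaps

# Constructed sample body; every domain in it is made up for illustration.
SAMPLE = """<a href="https://c0ntoso.com/invite">Accept</a>
<a href="https://bit.ly/3xAmPlE">View profile</a>
<a href="https://login.mail-check.example/x">www.contoso.com/profile</a>
<a href="https://www.contoso.com/help">Help</a>"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def domain_of(url):
    """Last two host labels; production code should use the Public Suffix List."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def audit_links(html):
    """Return (href, reason) for each link showing one of the red flags."""
    parser, findings = LinkCollector(), []
    parser.feed(html)
    for href, text in parser.links:
        dest, shown = domain_of(href), text if "." in text and " " not in text else ""
        if dest in SHORTENERS:
            findings.append((href, "shortened URL hides destination"))
        elif dest not in TRUSTED and dest.translate(DIGIT_SWAPS) in TRUSTED:
            findings.append((href, "lookalike of " + dest.translate(DIGIT_SWAPS)))
        elif shown and domain_of(shown) != dest:
            findings.append((href, "visible text names another domain"))
    return findings
```

Calling `audit_links(SAMPLE)` flags the first three links and leaves the genuine help link alone.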

How to Avoid Clone Phishing Attacks

While knowing key red flags is a significant first step toward attack prevention, it can’t ward off all potential phishing and clone phishing attempts. Because of this, it’s best to take preventative action against clone phishing and all other types of cyberattacks. 

It’s best to have the skills and awareness before you need to put them into action. Especially if you’re operating in a company setting, your team as a whole will be responsible for keeping security a top priority. Phishing awareness training or a cybersecurity awareness course may be beneficial to groups prone to an attack. 

Aside from internal coaching, there are also tools that you can implement to keep your systems safer from cyber attackers. For instance, aim to incorporate email security systems into your IT operation. Every company should have a firewall or other solution that promotes email security. These solutions can detect suspicious emails, senders, links, and attachments. 

Additionally, your team should take precautions against your email addresses being copied and used by cybercriminals. If hackers can access and use what appears to be your company email addresses, they will have a much easier time successfully executing a clone phishing attempt. Solutions are available that allow you to authorize the IP addresses that can send emails using your company’s domain name. This will keep hackers at arm’s length from your system.

Incorporating technological solutions and human training ensures that your team actively prevents cyberattacks and protects company data.

Evading Clone Phishing Is Essential to Security

Clone phishing is a convincing phishing tactic that has fooled many in the past. However, there are a series of clear red flags that can help you identify something suspicious as a cybersecurity attack. Additionally, there are plenty of resources and solutions at your disposal to ensure that you evade all possible phishing attempts.
