Online scammers have enjoyed enormous success with clone phishing. And it is not hard to understand why. This type of phishing attack involves creating a nearly identical or “cloned” version of a legitimate email or website that doesn't raise eyebrows as it should.

Let us elaborate. Mike receives an email from his favorite online retailer claiming he has won a $500 gift card. The message looks downright convincing. Being the avid shopper he is, Mike proceeds to click on the embedded URL in the email. He is redirected to a webpage that looks almost like the one he shops on. Prompted to enter his username and password, Mike does so without suspecting anything. Moments later, he gets a message that a charge of $1000 was just made on his account. 

What just happened?

Unfortunately, poor Mike has become a victim of clone phishing. 

And he’s not alone.

What is Clone Phishing?

Ever heard of the Duck Test?

The basic premise behind the test is:

When it comes to cybersecurity, things are rarely that simple.

Clone phishing, for example, is one of those things that looks like a duck and quacks like a duck, but is actually a fox hidden in sheep’s clothes hidden in a shoe with a nail going through it and a beautiful big bow tied around it.

This kind of technique replicates the look, content, and feeling of a legitimate message. It is almost a carbon copy of its original. Clone phishing aims to deceive recipients into believing the message or website is from a trusted source, such as a well-known company, colleague, or friend. The attacker uses the cloned version to trick victims into providing sensitive information, like login credentials, personal data, or financial details.

Here's how clone phishing typically works:

1. Duplication: The attacker creates an almost exact copy of a legitimate email or website, including logos, content, and design elements, to make it appear genuine.

2. Spoofed Sender: The attacker alters the sender's email address or name to make it seem as if the message is from a known and trusted source.

3. Deceptive Content: The cloned email often contains urgent or compelling language to create a sense of urgency, enticing recipients to take immediate action.

4. Malicious Links or Attachments: The email may include links to fake websites that closely resemble the original site or contains malware-laden attachments.

5. Targeted Victims: Clone phishing attacks are often targeted towards specific individuals or organizations, making them more convincing and difficult to detect.

Clone phishing shares a lot of traits with spear phishing. Clone phishing employs aspects of spear phishing by focusing on high-privilege users, but it distinguishes itself by replicating messages familiar to the recipient. Official or partner businesses of the targeted organization often use these messages. The cloned message could be a response to an automated communication sent by the targeted business or a replica of an official message from a company with which the targeted organization has dealings.

Good question! Luckily, there are a few tell-tale signs you can watch out for in case you suspect a message is cloned. Attackers usually alter a few crucial details in their cloned messages to get the desired results.

Here are a few red flags to help identify a clone phishing message:

In recent years, hackers have grown increasingly sophisticated in using spoofed emails. These emails don’t just appear as messages you have seen before; they can also appear to be sent by a legitimate business or service provider (like your bank or ISP).

Here is a checklist of things you should do to defeat clone phishing, and how to tell a real message from a fake one:

Once you understand that a fake email can look almost indistinguishable to one from a real brand, you know how to spot a clone phishing attempt. We hope this guide helps you to avoid falling victim to phishing scams.