Clone phishing is a scam where a cybercriminal replicates a legitimate email or website to trick the victim into giving personal information. The cloned email looks almost the same as the original and contains legitimate details, making clone phishing more difficult to spot than other phishing attacks. Here’s how clone phishing works and how to prevent it.
Clone phishing is similar to other types of phishing in that the cybercriminal attempts to trick you into providing sensitive information (e.g., your username, password, or financial details). However, clone phishing attacks take phishing to the next level because the signs are often more subtle and harder to spot.
Clone phishing involves the cybercriminal creating an almost identical replica (or clone) of a legitimate email, text, social media account, or website.
The cybercriminals attempt to get every detail right, including the logos, layout, and content. They use email spoofing techniques to make it look like the message is from a person or organization the victim knows and can trust.
The main difference between the original message and the cloned email is that the replica contains a malicious attachment or link. Once the user clicks or downloads this attachment, it infects their device with malware or takes them to a site where their information is accessible to the attacker.
Here’s how clone phishing typically works:
Spotting clone phishing attacks can be tricky, especially if the scammers have a lot of experience in creating cloned emails. However, knowing the signs of fake email messages can help you avoid these scams. Here’s what you need to watch out for.
One of the most common signs of a scam email is spelling and grammatical errors. If the tone of the email seems off and you notice mistakes, be cautious. It is unlikely that a legitimate message would be littered with grammar errors because companies care about their reputation and put steps in place to prevent that. However, scammers often operate from non-English speaking countries and may not have the tools to ensure the content is error free.
Clone phishing scammers rely on users acting before they can think about the consequences (or realize they’re being scammed). That’s why clone phishing emails often have an urgent and even threatening tone and insist that you act immediately. If the tone of the email is suspiciously urgent, don’t rush into clicking on links or opening attachments. Take a moment to review the email to ensure it is from a legitimate source.
Though spoofed emails often come from email addresses that closely resemble the original, they may also come from long email addresses made up of random letters and numbers. If you receive an email from an address that looks computer generated, be wary. Someone could be trying to scam you.
Most companies or individuals you deal with know your name and will use it to address you in emails. However, scammers won’t often have access to this information, so you’re likely to see something general (like “Dear sir/madam”). Though this isn’t a foolproof method of detecting a clone phishing email, it is one of the possible signs of one.
Cloned emails may have images that look similar to the original, including logos and and headers. However, because scammers don’t always have the tools to make these images look good, they may be pixelated or distorted.
Clone phishing scam emails come in various forms, with some looking more legitimate than others. Here’s an example:
Subject: Urgent issue with your PayPal account
The PayPal team identified a critical issue with your account. Click the link below to read the message from our customer service representative. Failing to do so may result in us blocking your account. [insert malicious link]
As you can see, the subject conveys a sense of urgency, attempting to trick you into immediately taking action. The attacker may send an email like this to thousands of people, hoping to access the credentials of at least a few.
Spear phishing typically involves the attackers researching their victims beforehand, including where they work, their credentials, work priorities, and interests.
These attacks are highly targeted and require advanced preparation and customization. Spear phishing emails often come from scammers pretending to be coworkers, old friends, or representatives of a popular service the victim uses. They also target high-security privilege users, such as network administrators, HR employees, accountants, or senior executives.
A clone phishing email may use some spear phishing elements (like targeting high-security privilege individuals). However, with spear phishing, scammers can use any message, while cloned emails will closely resemble an existing email sent by the original sender.
Clone phishing scammers need to get hold of such emails before they can target their victims. Cybercriminals who carry out clone phishing emails will typically aim to access an email that’s distributed en masse, then send the cloned version to many recipients at once.
Completely preventing clone phishing attacks can be difficult because cybercriminals carry them out in a number of ways. However, you can take several steps to reduce the likelihood of falling victim to one.
Before you click anything or reply to the email, make sure the sender’s email address is legitimate. Clone phishing attempts often come from email addresses that resemble the original. However, they may have additional full stops, dashes, symbols, or other subtle differences. Check the sender’s email address carefully to ensure it’s from a legitimate source.
Avoid clicking on links unless you’re absolutely sure the email isn’t a scam. The email may contain links that redirect you to a malicious website where scammers can steal your personal information. Only click on links and buttons after you’ve confirmed that the email is safe.
Spam filters are helpful if you receive many emails daily. These filters analyze the content of every email and identify unwanted or dangerous messages. While they won’t always spot a cloned email, using them in addition to other measures is a good idea.
NordVPN has a handy Threat Protection feature that automatically scans the files you download for malware. If a malicious file is detected, Threat Protection removes it before it can damage your device.
Additionally, Threat Protection doesn’t let you land on malicious websites. If you click on a link designed to take you to a fake, malicious website, Threat Protection will block access to it and show you a warning. Threat Protection is offered for free with a NordVPN subscription.
Online security starts with a click.
Stay safe with the world’s leading VPN
We value your privacy