Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown

Skip to main content

Clone phishing

Clone phishing

Clone phishing definition

Clone phishing is an attack where a cybercriminal makes a copy of a legitimate email from a trusted sender. The attacker alters the content of the cloned email (e.g., replaces attachments or links with malicious ones) and sends it to the original recipient from a spoofed email address.

See also: angler phishing, anti-phishing service, HTTPS phishing, ice phishing

Examples of clone phishing

Invoice update

  • A vendor emails a company’s finance department with an invoice.
  • An attacker intercepts this email, clones it, and replaces the legitimate invoice with a malicious one containing malware.
  • The attacker sends the cloned email to the same recipient, making it appear like an update or correction to the original invoice.
  • The recipient doesn’t suspect foul play and opens the attachment, infecting the system with malware.

Password reset

  • A user receives a password reset email from their social media platform due to a forgotten password request.
  • An attacker clones this email and replaces the legitimate password reset link with a link to a fake login page.
  • The attacker sends the cloned email to the user, claiming that the first email had an expired link.
  • The user clicks on the link, enters their credentials on the fake login page, and gives them away to the attacker.

Software update

  • An employee receives an email from the IT department about a software update.
  • The attacker clones the email, replaces the download link with a malicious one, and sends the cloned email with a “fixed” update link.
  • The employee clicks on the malicious link and downloads malware onto their system.

Further reading

Ultimate digital security