What Clone Phishing Is and How to Avoid It


Around 90% of corporate security breaches happen due to phishing. By now, most of us are well aware that, when we get spam emails telling us we’ve won a large sum of money, something fishy is probably going on. However, some scammy emails are far more sophisticated and thus much easier to fall prey to; clone phishing is one of those.

So, what is clone phishing exactly? If you don’t know, fear not: this article explains how to tell clone phishing emails from harmless ones, and how to protect yourself from clone phishing attacks.

What Is Clone Phishing and What Are the Other Types of Phishing?

First, we need to explain what phishing is. The term refers to a cyberattack in which the criminal extorts money or obtains personal information for identity theft under false pretenses. They usually do so by sending emails or text messages, or by making phone calls.

For example, they may claim to be calling from your bank, and say there has been some kind of problem with your account. They will then inquire about your credit card details. Needless to say, you should never give out your card details over the phone.

The most common types of phishing are:

  • clone phishing
  • spear phishing
  • barrel phishing
  • whaling
  • smishing

Clone phishing is a type of scam in which the perpetrator replicates emails from an existing, legitimate company. Some clones are duplicated so well that they fool even keen-eyed recipients. They are made to look exactly like the official emails the chosen company usually sends; you may even receive a clone phishing email soon after an official one from the legitimate company.

The cyberattacker will usually give an excuse that the follow-up email is the updated version of the previous one. This phishing email contains malicious links or asks for sensitive information.

Spear Phishing

This usually involves the cyberattacker posing as an important individual within the target’s company, or their friend or family member. Given that they’re impersonating a person the victim is likely to trust, these con artists have a higher chance of acquiring sensitive information and using it for their benefit.

Barrel Phishing

Barrel phishing involves two emails: The first one is completely safe, but the second is the trouble-maker. For example, the sender tells you they have something to ask you. Once you reply, they send a malicious email, for example one with an attachment they claim they want you to proofread, which actually contains malware.

Whaling

The primary distinction of this scam is its target – it’s always aimed at high-profile individuals, such as senior executives. These kinds of emails usually contain some information personal to the receiver to trick them into thinking the sender is legitimate.

Smishing

Smishing relies on text messages; sometimes the hustler will call the target first and ask for personal information before sending the text. It creates a sense of urgency with a message that is difficult to ignore. For example, the text might appear to be from FedEx, saying you have a package waiting. It usually contains a link and asks you to perform a specific action, such as entering your delivery preferences.

Examples of Clone Phishing

Whenever a major phishing attack happens, warnings are issued all over the internet describing said attack. For example, one attack resembling clone phishing targeted Star Wars fans. An official-looking website and social media accounts were created, claiming to offer free streaming of the new Star Wars movie days before the premiere. However, the website visitors were asked to fill in credit card details before they could proceed to watch it.

A typical example of a clone phishing email would be an urgent message from a clone email address claiming to be PayPal. The email copies the wording from real PayPal emails, and tells the target that there has been some suspicious activity on their account. The aim is to urge the victim to act without thinking too much. The email contains a login button, and attempts to collect the password by tricking the target into logging in using the given link.

Always take the time to examine every email, regardless of how urgent the matter may seem. Whatever it is, it can wait five minutes.

Another common example of clone phishing includes a fake email that appears to be from a trusted airline offering the target a refund. The aim of such emails, in many cases, is to gather sensitive data, such as bank account details.

How to Discern Clone Phishing Emails from Legitimate Ones

As previously mentioned, clone phishing emails aim to appear as though they were sent from a well-known, legitimate company. Common characteristics of clone phishing are:

  • Spelling and grammatical errors
  • Suspicious links
  • Email addresses slightly different from official ones
  • Urgent messages

Since cybercriminals who use clone phishing are trying to trick you into handing over personal information, they will often either tell you that you need to act quickly, or create a scenario in which you feel you must solve a problem immediately, using the solution they offer you.

How to Defend Yourself Against Clone Phishing Attacks?

To avoid falling for a clone phishing scam, scrutinize every email you get, no matter how legitimate it may appear. The first step is to look for the signs of a malicious email mentioned in the previous section. Take the following steps:

  1. Check the validity of the sender’s address. The scam address usually looks almost identical to that of the company the scammer is impersonating. However, there might be a missing letter, or another tiny difference indicating that the email isn’t official.
  2. Look for any spelling mistakes or grammatical errors in the email. Sometimes, the writers of these phishing emails aren’t native speakers, so the text might contain very obvious mistakes. In other cases, there may be no mistakes at all, making it a bit more challenging to recognize scam emails.
  3. Don’t click on any links until you confirm the email is legitimate. Make sure that the URL starts with HTTPS, not HTTP. You can also use a link checker to ensure the link isn’t malicious, and check whether the link text matches the URL it actually points to. You can do this by hovering your cursor over the link, without clicking.
  4. Use spam filters. Although not always accurate, they can be helpful if you’re getting tons of emails daily. This software analyzes the content of the email, its origin, and what software was used to send it.
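Steps 1 and 3 can be automated. The Python below is an added example, not code from the original article: it applies the sender-address and link checks to a constructed clone-style message. The trusted-domain list, the sample addresses and the 0.8 similarity threshold are all assumptions made for the example.

```python
import email
import re
from difflib import SequenceMatcher
from email import policy
from urllib.parse import urlparse

TRUSTED = {"paypal.com", "fedex.com"}  # assumed list of domains the reader deals with

# Constructed sample message; the addresses are hypothetical, not real indicators.
SAMPLE = """\
From: PayPal Service <service@paypa1.com>
Subject: Urgent: suspicious activity on your account
Content-Type: text/html

<p>Please <a href="http://paypa1.com/login">https://www.paypal.com/login</a> now.</p>
"""

# Crude anchor matcher: enough for simple notification-style HTML bodies.
ANCHOR = re.compile(r'<a\s[^>]*href="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def registrable(host):
    """Crude 'last two labels' approximation of the registered domain."""
    return ".".join((host or "").lower().split(".")[-2:])

def lookalike(domain, trusted=TRUSTED):
    """Not a trusted domain, but within a few characters of one (e.g. a swapped letter)."""
    return domain not in trusted and any(
        SequenceMatcher(None, domain, t).ratio() >= 0.8 for t in trusted)

def check_message(raw, trusted=TRUSTED):
    """Return (code, detail) findings for the sender and link checks from steps 1 and 3."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    sender = registrable(msg["from"].addresses[0].domain)   # step 1: sender address
    if lookalike(sender, trusted):
        findings.append(("lookalike-sender", sender))
    body = msg.get_body(preferencelist=("html",)).get_content()
    for href, text in ANCHOR.findall(body):
        target = urlparse(href)
        if target.scheme != "https":                          # step 3: expect HTTPS
            findings.append(("insecure-link", href))
        # Step 3: the visible URL text versus where the href actually goes.
        shown = urlparse(text.strip()).hostname if "://" in text else None
        if shown and registrable(shown) != registrable(target.hostname):
            findings.append(("link-mismatch", f"{text.strip()} -> {href}"))
        if lookalike(registrable(target.hostname), trusted):
            findings.append(("lookalike-link", href))
    return findings
```

The sample fails all four checks; note that an HTTPS link on its own proves nothing about who owns the domain, so the domain comparisons carry more weight than the scheme check.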

If, after following these steps, you find that the email shows none of these characteristics but you are still suspicious, you can contact the sender via a separate message. However, make sure to type in the address you find on the official website of the company claiming to contact you. If the email turns out to be malicious, you should report it.

Final Comments

In this article, we presented the clone phishing definition and common clone phishing attack examples, explained how to distinguish legitimate emails from clone phishing ones, and how people can protect themselves from these attacks. It’s up to you to be careful and avoid letting these sneaky con artists take advantage of you.
