We’ve all received suspicious emails claiming to be from trusted sources, such as online marketplaces, retail brands, social media services and banking institutions.
Scammers create these clone phishing emails to imitate genuine companies, hoping to dupe us into clicking deceptive links and downloading malware, all devised to steal our personal and financial information.
Let’s take a closer look at clone phishing, exploring the key aspects, like how it works in practice, and the everyday preventative steps you can take to avoid becoming a victim.
What Are Clone Phishing Scams?
In short, clone phishing is a common impersonation technique whereby cyber criminals attempt to exploit a target’s trust by imitating correspondence from legitimate companies, brands, agencies and institutions.
These email-based scams, which can be highly convincing, contain an essential call-to-action theme, typically urging the recipient to rectify an issue by sharing logins and personal info, or by downloading unknowingly harmful attachments.
For instance, an online banking clone email may ask a recipient to log in to cancel a suspicious (albeit non-existent) transaction; a social media scam may ask its target to address a suspected account hack, and an Amazon scam may ask its target to cancel an accidental order.
Should the recipient fall into the scammer’s trap and follow the link provided, they will of course not be taken to an authentic source, but instead to a duplicate ‘spoofed’ website purposed to steal any entered information.
In addition to being used to carry out increasingly target-focused phishing scams, stolen user data – either voluntarily given or scraped by malware – can be used to carry out various fraudulent activities, including identity fraud and financial theft.
Clone Phishing or Spear Phishing?
Before we go further into the specifics of how clone phishing campaigns work, let’s first identify how they differ from another similar type of email-based scam: spear phishing.
Let’s start with the key characteristics of clone phishing email scams:
- Large-Scale Focused: While clone phishing emails can feel like isolated incidents to some recipients, these scams are typically directed at huge email lists, being distributed to billions of people around the globe every year
- Generic Greetings: Recipients aren’t usually addressed by their name, with messages instead beginning with blanket greetings like ‘Dear Sir/Madam/Customer’, making them highly suspicious from the outset
- Impersonation: Scammers pose as official, typically broadly known and trusted sources, including ecommerce brands, social media platforms, banks/financial firms, utility companies, and even government agencies
- Phishing Signs: Strange sender address, possible spelling mistakes, suspicious links/attachments, and requests that urgent action be taken to rectify issues like suspicious account activity, unauthorized payments, accidental purchases, pending refunds and prizes, etc. (more on phishing red flags a little later)
While spear phishing email scams share the same goal, their key characteristics reveal a more personal approach:
- Narrow Attack Focused: Unlike clone phishing scams, spear phishing involves a more personalized attack method, targeting specific individuals from companies and organizations with extensive access to privileged info
- Personal Greetings: A scammer’s research into the business enables them to use a real personal greeting for the recipient, like ‘Dear Mr Johnson’; common targets include system administrators, executives, and even high-profile figures like CEOs
- The Customized Touch: The scammer’s research may also allow them to strike a more casual/familiar tone, mentioning the recipient’s business name and referencing real colleagues, associates and customers to gain trust
- Phishing Signs: Spear phishing may be dressed a little differently to the clone variety, but they still contain similar red flags, like a strange sender address, poor grammar, requests for a new payment to be made, or for some time-sensitive issue to be remedied by sharing sensitive information or downloading an attachment, etc
While being able to spot clone and spear phishing scams is helpful, the most critical lesson to take away is this: when dealing with any type of suspicious email, don’t engage with its contents until you’ve scrutinized it thoroughly.
How Do Clone Phishing Scams Work?
An effective strategy for avoiding a particular form of cyber crime is to understand how it’s put together – and the same applies to clone phishing scams.
Here’s how fraudsters typically create these campaigns, step-by-step:
- Website Impersonation: The scammer creates a spoofed website/page designed to replicate a genuine, trusted source (such as an eCommerce company, social media platform, government agency, etc); the site will have an unsecure connection (‘http’ instead of ‘https’ prefix), and the scammer may also create and list convincing-looking email addresses to strengthen the ruse
- Clone Email Creation: The scammer creates a replica of an authentic email from the same source, mimicking the structure, style, language and tone, while making subtle changes such as altering the account login hyperlink URL (to redirect targets to the scammer’s malicious site); they will use generic greetings, and may also add malware-injected attachments
- Clone Email Distribution: Once the orchestrator hits send, the wheels of the scam are set into motion; with the clone email having now been delivered to a large list of potential victims (likely in the thousands or higher), the scammer sits back and waits
- Recipient Takes the Bait: Convinced that the deceptive email and its call-to-action is genuine, a recipient becomes drawn into the scam and starts engaging; they follow its instructions, either by clicking a link (which leads to the bogus website) or downloading a seemingly innocuous attachment (actually laced with malware)
- Interaction with Malicious Content: Now landed on the spoofed site, the unwitting victim enters their personal/financial information into data input fields, such as account logins and other details like name, address, date of birth and social security number, etc; if they downloaded a malware-laced attachment from the email, the malicious software may have quietly installed itself
- Scammer Steals the Data: The spoof site’s unsecure connection makes any personal/financial data entered potentially vulnerable to being stolen by the scammer and subsequently exploited for nefarious purposes; if the victim downloaded a malicious attachment, the malware could have automatically installed itself and begun scraping data from their device, which could also wind up being remotely pilfered by the scammer
How to Avoid Clone Phishing Scams
Although clone phishing scams aren’t showing any signs of slowing down, the good news is that most of them – even the most convincing kinds – can be identified.
Here are several red flags to be watchful for when it comes to dealing with suspicious emails, plus some preventative steps to take, to ensure your data remains safe:
- Generic Greeting: An email claiming to be from a legitimate company who fails to address you by name (Dear Sir/Madam/Customer/User, etc) is highly suspicious
- Sense of Urgency: Fraudsters want you to act now and think later, so they will often try to shake your better judgement by warning that a time-sensitive issue, like a suspected unauthorized payment or account breach, needs to quickly be resolved
- Asking for Information: Be cautious of any emails or websites (you’ve been directed to) requesting personal/financial info, no matter the reason – especially if the linked-to website has an unsecure connection, unfamiliar domain, or anything that strikes you as odd
- Spelling, Style, Grammar: It’s very unlikely that an email littered with one too many errors (spelling, grammar, formatting, typos, etc) originated from a legitimate source that values its reputation highly
- Sender Address: Carefully check the sender’s address, including the domain extension, keeping an eye out for overtly strange addresses and those which subtly attempt to mimic the real company’s
- Low Quality Images: Emails from authentic companies typically have a professional polish to their design; low resolution/unclear images (like logos and banners, etc) could therefore indicate a potential phishing threat
- Authentic Email Comparisons: If you’ve received a suspicious email claiming to be from a company you already deal with, see how it stacks up against a past email in your inbox that you know to be authentic
- Scan Attachments: If you suspect an email could be a clone phishing scam, don’t download any attachments until you’ve first scanned them for harmful software using an antivirus app like TotalAV; if, on the other hand, you’re concerned about an attachment you’ve downloaded, ensure that you run an immediate full system scan
- Verify Links: Scammers can very easily change the target URLs for hyperlinks (‘amaazon1ogin.co’ instead of ‘amazon.com’), so it’s always best practice to hover over/preview the actual address before clicking
- Unsecure Websites: If you’ve been directed (through a link) to a domain purporting to be a legitimate company, ensure that it holds a secure (‘https’ – not ‘http’) connection, especially if the page requests personal/financial info; phishing scam browser tools, like Total WebShield, can help to prevent data theft by instantly detecting and blocking blacklisted spoof sites
- Password Manager Doesn’t Auto-Fill: The main function of password managers is to create strong passwords, securely store them, and provide auto-fill logins; another benefit, however, is that if the auto-fill feature isn’t populating fields, this may indicate that you’ve landed on a spoof site; be sure to use a reputable app like Total Password to optimize your login management
- Think, Scrutinize, Act: Fraudsters prey on fear, ignorance and impatience, so never act in haste when faced with a crisis-themed email – instead, sit back, keep your logic and critical thinking intact, check for phishing red flags, and then decide the best course of action
- Check Your Account: If you’ve received an email warning of an account-related issue, the quickest way to verify the claim is often by simply logging into your account (manually – not by using the links within the suspicious email itself)
- Verify with the Company: If you’re still stumped about an email’s legitimacy, get in touch with the official customer support to verify (again, not by using links within the suspicious email); you can also ask for a second opinion from a trusted colleague/friend, which has the added benefit of warning them about the potential threat
- Activate Spam Filters: Be sure to take advantage of your email client’s automatic spam filter; while these tools aren’t foolproof, they can be highly efficient when it comes to detecting phishing emails and general spam
- Use Trusted Antivirus: Add a vital layer of protection to your online activities with trusted cyber security; the Award-Winning TotalAV antivirus and its family of apps, like Total WebShield, AdBlock and Total VPN, offer innovative, industry-leading defense against today’s evolving threats, including clone phishing scams, spoofed websites and stealthy malware
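
The ‘Sender Address’, ‘Authentic Email Comparisons’ and ‘Verify Links’ checks above, which target the altered login link described under ‘Clone Email Creation’, can be run mechanically against a past email you know to be genuine. The Python below is an added example, not code from the original article or from any product it mentions; the function names and both sample messages are constructed for illustration and use reserved .example domains.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

class Hrefs(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.found = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.found.append(dict(attrs).get("href") or "")

def profile(raw):
    """Return (sender domain, list of link URLs) for a raw email message."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    part = msg.get_body(preferencelist=("html", "plain"))
    parser = Hrefs()
    parser.feed(part.get_content() if part else "")
    return sender, parser.found

def compare_to_authentic(authentic_raw, suspect_raw):
    """List how a suspect email deviates from one known to be genuine."""
    good_sender, good_links = profile(authentic_raw)
    sender, links = profile(suspect_raw)
    known_hosts = {urlsplit(u).hostname for u in good_links}
    findings = []
    if sender != good_sender:
        findings.append(f"sender domain {sender} differs from {good_sender}")
    for url in links:
        parts = urlsplit(url)
        if parts.hostname not in known_hosts:
            findings.append(f"link host {parts.hostname} not in the genuine email")
        # The article's http red flag; https on an unknown host is still caught above.
        if parts.scheme != "https":
            findings.append(f"link {url} is not https")
    return findings

# Constructed samples using reserved .example names, not real messages.
AUTHENTIC = ("From: Example Bank <alerts@bank.example>\nContent-Type: text/html\n\n"
             '<p>Dear Ms Lee,</p><a href="https://www.bank.example/login">Log in</a>')
SUSPECT = ("From: Example Bank <alerts@bannk-alerts.example>\nContent-Type: text/html\n\n"
           '<p>Dear Customer,</p><a href="http://bannk-login.example/login">Log in</a>')

if __name__ == "__main__":
    for finding in compare_to_authentic(AUTHENTIC, SUSPECT):
        print("-", finding)
```

A host that is absent from the genuine email is a prompt to verify through the company’s official site rather than proof of fraud, since real senders also change their link hosts from time to time.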




