What is Clone Phishing? Definition and Examples

Surveys report that 96 percent of UK businesses were targeted by phishing scams within a single year. We all know, and can easily spot the “Nigerian prince” style of phishing scam. But phishing is becoming more sophisticated, harder to spot, and consequently more of a threat to businesses.  

Are you worried about falling victim to a sophisticated phishing attack? This might take the form of whale phishing, spear phishing, or clone phishing. Clone phishing is a particularly insidious threat – and even the best and brightest have fallen for it in the past. But why? Let’s begin with a clone phishing definition before looking at some examples. 

Clone phishing is a form of email-based threat with a particularly nasty twist. Attackers clone a genuine email with attachments or links so that it looks like it comes from a sender you know or a company you do business with. 

The mail and its attachments look just like the original ones, but instead, they contain malware such as keystroke loggers or ransomware or have been subtly adjusted to serve the scammers. For example, besides unsafe attachments, they may offer you a link to click on. Once again, it looks perfectly normal, but it takes you into dangerous territory. 

Examples of Clone Phishing

Many clone phishing attacks are distributed in bulk and use cloned websites. This was the case when thousands of Australians received emails from the government portal myGov. It instructed them to click on a link to a cloned version of the myGov website where they were required to log in and input their banking details. This occurred in 2018, and the sequels to it kept piling up until 2023 when myGov decided to move to passwordless authentication to thwart hackers. By this time, $3.1 billion in losses had occurred. 

Similarly, the UK was hit by a clone phishing attack using a cloned NHS website and emails designed to appear as though they were from the NHS. The initial goal was to obtain sensitive information which could be sold or used to develop additional scams.

The examples we just discussed only partially cloned emails, but they used very convincingly cloned websites. In many clone phishing attacks, entire messages are copied with perhaps a tweak to encourage you to act on this version rather than an earlier one you already received. These can be even more difficult to spot. 

For example, you received an invoice from a supplier, but it’s followed by an “updated” or “revised” invoice. The scammer hopes that you will click a link or open an “updated” attachment since you were expecting to hear from them. That’s their opportunity to infect your device with malware or steal information. 

Clone Phishing vs Spear Phishing

Clone phishing and spear phishing have their similarities, but clone phishing differs from spear phishing in a few important details. 

Spear phishing is usually very targeted indeed, with the hacker or scammer setting their sights on a high-level individual or a very small group of people. Clone phishing is usually (but not always) more generalised and targets more people. When clone phishing specifically targets a company, it’s because the potential haul for the hackers is so much bigger. There may be fewer such attacks, but the damage they do is far greater.

The primary difference between clone phishing and spear phishing, however, is often in the body content of the emails used as a vehicle for the attack. A clone phishing email is a near-exact copy of an email you already received or would expect to receive. That’s what makes it look so innocent – and that’s why it’s so easy to fall for clone phishing. A spear phishing email, on the other hand, will be much more specific and individualised. It may seem completely plausible, but it isn’t a copy. 

How to Identify Clone Phishing Attacks

It’s Urgent

A sense of urgency is often the vital clue to a phishing attack, and in clone phishing, it may be all you have to go on. Hackers don’t want to give their victims time to think. They frequently call for immediate action, and there may be some mention of a risk or threat to spur you on. 

It’s a Copy or “Updated Version” of Something You Already Received

Since many people know that urgent-sounding emails can be phishing scams, a savvy scammer might simply send you a copy of an email you already got, perhaps noting that the attached information has been updated or corrected. By doing so, they hope that you won’t become suspicious after receiving the same email twice. Alternatively, they may send the cloned email as is. After all, you might just click that link or open that attachment!

The simplest way to verify the authenticity of a suspected phishing mail is to call the company or organisation it purports to be from. After all, someone there will be able to confirm whether their company sent the email – but since it can be a very close copy, or even an exact one, even this isn’t completely foolproof. 

Domain Name or Email Address Not an Exact Match (Not a Watertight “Tell”)

Finally, alert users who have been trained to spot the signs of a phishing attack might notice that a website they reached is not genuine or that a sender’s email address isn’t quite correct. For example, a website may have an incorrect URL or lack security certification – but once again, this isn’t always as watertight as it may sound. 

Apart from creating cloned websites with very subtle differences in the URL, cross-site scripting – “stealing” access to a legitimate website and then using it as they please – is not beyond hackers’ capabilities. Similar warnings apply to email addresses – a bona fide user’s email address can be hacked – or a very similar email address can be created.

How to Protect Your Business Against Clone Phishing Attacks

With clone phishing being so hard to spot, the best protection is to make sure you and your staff don’t get those convincing-looking phishing emails in the first place. Email security software is better at spotting phishing than people are. It will look out for malicious links or attachments, often blocking the content so that it never reaches the intended victim’s inbox.

Additional cyber security measures can make a further contribution to blocking clone phishing attacks. For example, multi factor authentication can prevent hackers from using stolen credentials and cyber security systems will pick up unusual activity indicating that credentials may have been compromised. 

And, although the right cyber security software should protect you and your staff from clone phishing attacks, training users to implement good cyber security practices is always a good idea. After all, bad actors love easy targets – make sure that you and your employees don’t fit this description!

Get the cyber security advantage with Advantex. We not only provide the tools you need to keep your business safe online, but educate you so that you’re empowered to stay that way. Put us to the test with your free 14-day trial – we’re looking forward to working with you. Contact us for more information about our cyber security services. 

Read about other types of Phishing: Spear PhishingWhale Phishing, Vishing, Smishing.

Read more about Cyber Security

Address

Advantex Network Solutions Limited
16B Follingsby Close
Gateshead
Tyne and Wear
NE10 8YG

Phone

0345 222 0 666