What is clone phishing? Recognize cloned emails

Anton P. | March 09, 2023

Clone phishing copies a message from legitimate email addresses and resends it with malicious elements like links or attachments. So, the cloned message can appear to originate from colleagues, friends, or family members. 

Besides adding a dangerous attachment or link, cloned emails can request sensitive information. In other cases, they could create a sense of urgency to deal with various issues, like unauthorized payments.

Learn to recognize a clone phishing email and avoid losing money and data or infecting your device.


Clone phishing definition

Clone phishing is an email security threat that clones previously sent emails. The copied version contains malicious links, attachments, or false information.

  • Scammers could try to infect devices with malware, adware, or spyware. However, they could also hope to steal sensitive data like passwords or credit card details.
  • So, clone phishing is one of the subsets of phishing, using various social engineering, pretexting and baiting techniques. 
  • Clone phishing will likely use email spoofing tricks. Thus, phishing emails could even feature official email addresses. 

Clone phishing vs. standard phishing

Clone phishing is an email-based threat that differs from traditional phishing. A cloned email copies the elements of a message sent from genuine sources. That could involve employers, colleagues, businesses, partners, or friends.

Hackers could receive official emails from certain businesses and copy their content for clone phishing campaigns. 

Due to gaps in email security, it is also possible for hackers to intercept email communications. Spear phishing is similar as it usually uses relatively tailored emails. 

Clone phishing examples 

Here are some clone phishing examples that could arrive in your inbox:

  • A popular online service sends a legitimate email on new features or deals. Scammers steal the email content, spoof the sender, and distribute the cloned version. However, the updated version contains attachments or dangerous links.
  • Services like PayPal have standard emails for reporting suspicious activities. Hackers could replicate them and send them, hoping users click on fake login links and provide credentials. 

How clone phishing works 

Clone phishing emails exploit legitimate emails in hopes of gaining users’ trust. Hackers disguise themselves as trustworthy services, and here are the common steps of such attacks: 

  1. Scammers gain access to an email they plan to clone. 
  2. The contents of an email, down to the subject line, get integrated into a new email. 
  3. The updated version features attachments or links with the same names or anchor texts. However, the added files are malicious, and links lead to fake websites.
  4. The attackers send their clone phishing campaign. Scammers can quickly generate target lists by taking data leaked after data breaches. 

Red flags of clone phishing emails 

Clone phishing emails might be more believable since they feature familiar content and senders. However, certain signs can help you determine whether a message truly comes from a legitimate source:

  • Users should look for any spelling and grammatical errors.
  • Links or attachments might be different from regular emails.
  • Double-check the sender and see the original message.
  • Be sure to check URL safety before clicking on links.
  • Do not fall for scareware tactics, suggesting payment, tax, or credit card issues.
  • Instead of spoofing email addresses, attackers could use domain names similar to official services.
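
Several of these red flags can be checked mechanically when the original message is still available. The following is an added example, not code from the original article: it compares a suspect email against the genuine one and reports any link that keeps its anchor text but points to a different host, any attachment that keeps its name but has different content, and any change of sender domain. The function names, the sample messages, and the `example.com` / `examp1e.test` domains are constructed for illustration.

```python
import hashlib
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

class AnchorHosts(HTMLParser):
    """Map each link's visible anchor text to the host its href points at."""
    def __init__(self):
        super().__init__()
        self.hosts, self._href, self._text = {}, None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.hosts[text] = (urlsplit(self._href).hostname or "").lower()
            self._href = None

def profile(msg):
    """Reduce a message (parsed with email.policy.default) to the parts a clone alters."""
    parser = AnchorHosts()
    body = msg.get_body(preferencelist=("html",))
    parser.feed(body.get_content() if body is not None else "")
    files = {p.get_filename(): hashlib.sha256(p.get_payload(decode=True) or b"").hexdigest()
             for p in msg.iter_attachments()}
    domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    return domain, parser.hosts, files

def clone_indicators(original, suspect):
    """List places where the suspect reuses a name or text but changes what is behind it."""
    (o_dom, o_links, o_files), (s_dom, s_links, s_files) = profile(original), profile(suspect)
    out = [f"sender domain {s_dom!r} differs from {o_dom!r}"] if s_dom != o_dom else []
    out += [f"link {t!r} now points to {h!r}, was {o_links[t]!r}"
            for t, h in s_links.items() if t in o_links and h != o_links[t]]
    out += [f"attachment {n!r} has different content"
            for n, d in s_files.items() if n in o_files and d != o_files[n]]
    return out

def sample(sender, href, payload):  # constructed test message, not real mail
    m = EmailMessage()
    m["From"], m["Subject"] = sender, "Your March invoice"
    m.set_content("See the HTML part.")
    m.add_alternative(f'<p><a href="{href}">View invoice</a></p>', subtype="html")
    m.add_attachment(payload, maintype="application", subtype="pdf", filename="invoice.pdf")
    return m
```

For saved `.eml` files, parse each with `email.message_from_bytes(data, policy=email.policy.default)` and pass the two messages to `clone_indicators`; an empty list means none of the three checks found a difference.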

How to prevent clone phishing attacks 

Various types of phishing can threaten your data, assets, and device security. Clone phishing is an advanced attempt to deceive users. Here are some tips on how to recognize phishing attacks.

  1. Know the warning signs of phishing 

Users should be aware of which types of emails are usually part of phishing campaigns. Typically, fraudulent email messages involve the following scenarios:

  • Account takeover;
  • Unauthorized access/payment;
  • Deals for special prices or opportunities; 
  • Emergency messages from loved ones;
  • Issues with credit cards; 
  • Invoices; 
  • Threats to close accounts;
  • Leaked passwords; 
  • Tech support; 
  • Tax refunds;
  • HR survey;
  • Shared Google Docs; 
  • Parcel delivery notifications.

  2. Use safe browsing tools

Clone phishing tries to trick you into opening dangerous links and attachments. If you accidentally or willingly open a malicious element, it is best to have backup protection. 

Many security applications can block access to known phishing sites. In other cases, your browser might suggest when a website is unsafe. 

Atlas VPN also protects you from fake ads and websites. Enable our Shield feature to get rid of unwanted online content. Also, connect to VPN servers whenever you use public Wi-Fi.

  3. Improve email security

Stopping spam emails can be difficult. Thus, enable all protections your email provider offers. Furthermore, improve spam filtering by reporting suspicious emails and senders.

  4. Visit websites directly

It is best to avoid following links you see in email messages. If a cloned email asks you to log into your bank or social media account, visit the service directly. Thus, you can prevent hackers from stealing your login details and other sensitive information.

What to do if clone phishing tricked you

Clone phishing emails can be persuasive. Thus, if you have interacted with the email, called numbers, or used login sites, try the following steps.

  • Call your provider if you have revealed your credit card or bank information. They might freeze your account for the time being. You might also cancel your current card and ask for a new one.
  • Report phishing to appropriate authorities, starting with your email provider and ending with the FTC.
  • You should change the passwords of accounts that the email likely compromised. You might also update your email password to be safe. 
  • Use antivirus software to scan your device for any viruses and malware. Attachments might have installed various types of malicious programs.
  • Stay alert for any suspicious activity on your accounts and device. If you notice odd behavior, take action immediately.

So, do everything in your power to prevent identity theft or account takeover. In the future, be wary of suspicious emails and double-check whether they are reliable.


Anton P.

Former chef and the head of Atlas VPN blog team. He's an experienced cybersecurity expert with a background in technical content writing.


