What is Clone Phishing and Does it Really Work?

Written by Cyber Tec Security
Jun 15, 2022 - 5 minute read

Clone phishing is a particularly insidious form of phishing that seeks to benefit from your existing trusted relationships. Read on to find out more...


Phishing is an ongoing problem in the cyber security space, now responsible for over 90% of cyber attacks. The social engineering hack has now evolved to incorporate all kinds of different techniques as hackers attempt to profit off our private information.

 

Unfortunately, it can be a lot harder to spot these different methods, especially as they become more and more sophisticated.  

 

One such method: Clone phishing

 

Clone phishing attacks take advantage of the trust that we consumers have in the organisations we choose to do business with. By sourcing a legitimate email from the organisation, bad actors are able to copy, or ‘clone’ (you can see where they get the name from now), the email word for word and trick the recipient into thinking they’re being sent a perfectly safe email.

 

Hackers will even alter the display name of the sender to match that of the reputable organisation, so for most receiving the email, there would be no obvious reason not to trust it.

 

You’ve probably read countless times what to look for in a phishing email - bad grammar, dodgy domain, sense of urgency - but what if the message matched exactly what you’d expect to receive from your favourite supermarket or that online clothing store you frequently browse?

 

This is what makes clone phishing particularly dangerous.

 

So what exactly are these clone phishing attacks trying to do?

 

Well, just like any other phishing attack, clone phishing ultimately wants to harvest your personal details, and it will often do this with malicious links or attachments inserted into the otherwise unassuming email.


Malicious links can often be detected by hovering over the link: if the destination shown differs from the displayed link text, it’s unlikely that the email has really been sent by the organisation it claims to be from.

 

Tricked by a URL

Unfortunately, some clone phishing attacks will take things a step further and not only target you with a convincing email, but within this email, they might link to a malicious website that is designed to look like a trusted one. 

 

Security researchers have shown how attackers may even be able to make the website URL appear fully legitimate using Unicode characters.

 

Unicode is an encoding standard that provides a unique code for each character of most modern and historic scripts used by people every day. 

 

Certain browsers, like Safari, detect when this is being done and show the raw encoded form of the address instead of the look-alike, but others aren’t so smart.
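The two checks described above (link text versus real destination, and non-Latin characters hidden in a host name) can be automated on the defender's side. The following is an added example, not code from the original article or from Cyber Tec Security: it parses a small constructed HTML email body, extracts every link, and flags hosts whose visible text points somewhere else, hosts containing non-ASCII or punycode (`xn--`) labels, and the Unicode scripts involved. The sample email, its hosts and all function names are assumptions made for the example.

```python
import re
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample email body (not from the article). The third link's host
# contains a Cyrillic letter 'а' (U+0430) in place of the Latin 'a'.
SAMPLE_EMAIL_HTML = """
<p>Your order is ready. <a href="https://www.example.com/orders">View order</a></p>
<p>Update details: <a href="https://login.example.net/verify">https://www.example.com/account</a></p>
<p>Support: <a href="https://www.exаmple.com/help">www.example.com/help</a></p>
"""

class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url: str) -> str:
    """Lower-cased host of a URL; bare text like 'www.x.example/y' gets a scheme first."""
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()

def scripts_in(text: str) -> set:
    """Unicode script names of the letters in text, e.g. {'LATIN', 'CYRILLIC'}."""
    return {unicodedata.name(ch).split()[0] for ch in text if ch.isalpha()}

def suspicious_reasons(href: str, text: str) -> list:
    """Why a link deserves a second look; an empty list means nothing was flagged."""
    reasons, host = [], host_of(href)
    if any(ord(ch) > 127 for ch in host):  # look-alike characters hide here
        reasons.append("non-ASCII host, scripts: " + ",".join(sorted(scripts_in(host))))
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label in host")
    if re.search(r"[\w-]+\.[a-z]{2,}", text, re.IGNORECASE):  # visible text looks like a URL
        text_host = host_of(text)
        if text_host and text_host != host:
            reasons.append(f"visible text says {text_host!r} but link goes to {host!r}")
    return reasons

def check_links(html: str) -> dict:
    """Map each href in the email body to its list of warning reasons."""
    parser = _LinkCollector()
    parser.feed(html)
    return {href: suspicious_reasons(href, text) for href, text in parser.links}
```

Running `check_links(SAMPLE_EMAIL_HTML)` leaves the first link unflagged and reports the second for a display/destination mismatch and the third for both the mismatch and the Cyrillic character in its host.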


Now you can see just how easy it is to click on a link that looks entirely trustworthy from an email that looks entirely trustworthy and input your details, without so much as an inkling of doubt. 

 

The best way to avoid being fooled by a situation like this would be to type in the URL yourself or navigate to the page on the organisation’s website in your own browser.

 

Of course, an attack like this would take a fair bit of effort to pull off, but this is just to show how sophisticated phishing attacks can be nowadays, making it all that more difficult for users to stay safe online. 

 

What happens if you fall victim to a clone phishing attack?

Clone phishing attacks are usually sent out en masse, while the hacker waits to see who will fall for it. If you’re unfortunate enough to be a victim of this, often the bad actor will use your information to access your own contacts and send the cloned email to more and more people, thus spreading the attack even further.

 

But if you're wondering what to do if you clicked on a phishing link, we’ve written a full breakdown of the steps you should take to contain any damage. 

 

What can we learn from clone phishing?

Hopefully, this article has shown you the lengths that some people will go to in order to get hold of your personal information. Clone phishing is a particularly effective form of phishing that can trick even the more cautious among us.

 

Human error is the reason these types of phishing attack are successful, so the best thing to do is work to improve your cyber awareness and know what to look out for when it comes to emails, to give yourself the best chance of spotting anything ‘phishy’.

 

Here are some top tips for staying cyber vigilant:

 

  • Always check the legitimacy of links in emails and wherever you can, type the URL in yourself rather than clicking a link 
  • Similarly, if you suspect a fraudulent email, try calling the organisation or the sender themselves to check its authenticity 
  • Watch out for spelling errors. With clone phishing, even if the email has been copied, sometimes a hacker may add an extra sentence or two, so be sure to read the email carefully and assess whether the tone is consistent and there are no errors. 
  • It should go without saying but always keep your personal and work credentials secure and never share them for convenience's sake.
  • Use email security tools to help filter for phishing attempts

 

Phishing attacks can be extremely bad news for businesses, but as long as you have processes in place to continually build employee awareness, as well as effective security solutions implemented for your work’s email client, you’ll be well protected against the likes of clone phishing and all the other techniques hackers will use to try and infiltrate you or your organisation.