Press Release Security

Clone Phishing — an Attack that Can Trick Even the Most Cautious Users

Image courtesy of Pixabay

Cybersecurity Expert Explains How to More Easily Identify this Kind of Attack

A survey by NordVPN showed that 84% of users had experienced social engineering behavior in the past, and more than a third of them have fallen victim to phishing email scams. Experts say that a new type of phishing has started to emerge recently — clone phishing — which can trick even the most cautious users.

Clone phishing is a scam where a cybercriminal replicates a legitimate email or website to trick the victim into giving personal information. The cloned email looks almost the same as the original and contains legitimate details, making clone phishing more difficult to spot than other phishing attacks.

“Even though users learn and become more cautious every time they experience a cybersecurity issue, criminals don’t make it easy by constantly developing new techniques to target people. Clone phishing attacks take phishing to the next level because the emails are usually highly personalized and replicate something that a victim received in the past,” says Adrianus Warmenhoven, a cybersecurity expert at NordVPN.

How Does Clone Phishing Work?

First, the attacker intercepts a message sent to a user from a legitimate source (e.g., a bank, client support service, money transfer site, or employer). Attackers may use various techniques to intercept emails, including DNS hijacking. A hacker won’t always need to intercept emails to carry out clone phishing attacks. However, if they do, these clone emails become much more difficult to spot because they look just like the original.

After that, a scammer creates a replica of the email and sends it to the victim, urging them to take action. Scammers want their victims to act quickly, so phishing emails always sound urgent. You may see common social engineering tactics like asking users to change their passwords or provide other sensitive data because their account has been “compromised.” It’s also common for clone phishing scams to contain a malicious link that a user can click thinking they’ll access a legitimate website.

The victim opens the email, believing it to be from a legitimate source. They may open an attachment (e.g., a PDF document) that instantly installs malware on their machine and provides cybercriminals access to their sensitive information. Or they may click on a link included in the email and are redirected to a malicious site, allowing attackers to steal their information.

How to Prevent Clone Phishing Attacks

“Spotting clone phishing attacks can be tricky, especially if the scammers have a lot of experience in creating cloned emails. However, you can take several steps to reduce the likelihood of falling victim to this social engineering attack,” says Adrianus Warmenhoven and provides a list of tips that can help users avoid being affected by clone phishing emails.

  • Check the sender’s email address. Before you click anything or reply to the email, make sure the sender’s email address is legitimate. Clone phishing attempts often come from email addresses that resemble the original. However, they may have additional full stops, dashes, symbols, or other subtle differences. Check the sender’s email address carefully to ensure it’s from a legitimate source.
  • Don’t click on links. Avoid clicking on links unless you’re absolutely sure the email isn’t a scam. The email may contain links that redirect you to a malicious website where scammers can steal your personal information. Only click on links and buttons after you’ve confirmed that the email is safe.
  • Use spam filters. Spam filters are helpful if you receive a lot of emails daily. These filters analyze the content of every email and identify unwanted or dangerous messages. While they won’t always spot a cloned email, using them in addition to other measures is a good idea.

“Clone phishing emails are not dangerous until you click the links or files they include. So the general recommendation is not to rush into trusting everything you read in your email inbox. It is always safer to double-check with the company that is emailing you and contact them by phone before you provide any personal information or click on the links in your emails,” says Adrianus Warmenhoven.

About the author



NordVPN is the world’s most advanced VPN service provider, used by millions of internet users worldwide. NordVPN provides double VPN encryption and Onion Over VPN and guarantees privacy with zero tracking. One of the key features of the product is Threat Protection, which blocks malicious websites, malware, trackers, and ads. NordVPN is very user friendly, offers one of the best prices on the market, and has over 5,000 servers in 60 countries worldwide. For more information: