Skip to main content

What Is Clone Phishing? Common Cases & Security Tips

  |  Dashlane

They say imitation is the sincerest form of flattery. Clone phishing gives new meaning to this adage when cybercriminals replicate real professional and personal emails for malicious purposes. Let’s take a closer look at some clone phishing traits and prevention strategies.

What is clone phishing?

Phishing is a common social engineering tactic that uses emails appearing to be from a trusted sender to trick recipients into providing personal information or clicking on unsafe links. A clone phishing attack takes this method to the next level by using replicas of legitimate emails to heighten believability. This attention to detail can make clone phishing emails difficult to spot. 

A graphic depicting a real email and a clone phishing email. The cloned email is exactly the same as the real email except for the domain of the sender’s email address.

Clone phishing vs. spear phishing

Spear phishing is a type of phishing attack that profiles specific targets. Hackers perform additional research to help them personalize message content. Whaling attacks take this a step further by targeting only high-level executives. Clone phishing tactics can be used for both spear phishing and whaling attacks since copying an official email format helps convince the target that the email and sender are above board.

Clone phishing examples

Since clone phishing helps get malicious emails past our defenses, the attacks are becoming more common and diverse. Some dangerous clone phishing examples you may have already experienced include:

  • Replicated bank emails: Using a realistic bank email format and signature as a template, hackers send emails appearing to be from your bank to get access to your financial account information or login credentials. A fake bank email might include a fake link to a refund or a request to update your credentials. Keep in mind that your bank will never ask you to disclose personal information or account numbers through email. 
  • Duplicate emails from IT: Hackers realize many email recipients are likely to trust any message from their IT department and follow the instructions they include, such as installing or updating software. A clone phishing attack might use an IT email that was previously sent to someone else as a model, and then add a link to a malicious website or malware in place of the original software link.  
  • Imitated emails from streaming services: Accounts like streaming services are so common that they make it easy for attackers to find examples of legitimate email messages, and then add their own malicious spin. One common tactic involves notifying a recipient that their payment method failed and asking them to re-enter their card or bank account information.         

Want to learn more about using Dashlane Password Manager at home or at work?

Check out our personal password manager plans or get started with a free business trial.

8 common traits of a clone phishing email

Clone phishing emails are dangerous because they’re harder to identify than a traditional phishing scam. Still, there are some common traits you can look for to bolster your security and lessen the impact of clone phishing:

  1. Suspicious email address. Look closely at the sender’s email address since this is one thing the hackers can’t clone. The presence of extra characters or missing characters can be red flags, so always research the sender or simply delete the message when in doubt. You can also contact the sender directly or compare the company’s actual website to the domain name in the sender’s email to see if there are any discrepancies.
  2. Spoofed hyperlinks. Hackers can use formatting or radio buttons to conceal the actual hyperlink address, so always hover over any link to review the full URL before you click on it, even if you believe the email is legitimate. A spoofed hyperlink might look very similar to the actual address, with only subtle changes, like 0’s in the place of O’s, that are easy to miss.
  3. Unexpected links or attachments. Most of the emails you receive from friends, coworkers, or businesses only include attachments in response to something you had requested or were otherwise aware of in advance. If you receive an email with a link or attachment you don’t need or weren’t expecting, it’s best to refrain from opening or downloading the file.
  4. Requests for sensitive information. A request for sensitive or personal information is a trait shared by all phishing email types. Most reputable companies will never ask you for information like credentials or account numbers in an email. Don’t reply or respond to questions in an email before you have verified the sender's legitimacy.
  5. Urgency and scare tactics. Phishing emails capture our attention by conveying an unusual sense of urgency, threatening dire consequences if we don’t respond, or presenting offers that sound too good to be true (and always are). All phishing emails use these strategies, including clone phishing emails.
  6. Generic salutations. Would someone attempting to reach you regarding an urgent matter begin their message by saying, “Dear Sir or Madam,” or simply “Hello”? Probably not. These generic greetings are often found in spam emails or shotgun marketing campaigns. If an email sender doesn’t know your name, they certainly shouldn’t be allowed to know anything else about you, so don’t respond.
  7. Poor grammar. Poor spelling and grammar have always been hallmarks of phishing emails. Cloned emails are less prone to these errors, since they’re copied from actual messages, but newly added sections might still have these flaws. Generative artificial intelligence (AI) tools are beginning to make it easier for cybercriminals to write phishing emails in a more professional tone.
  8. Unusual branding. By cloning an email, hackers will try to make the logo, background, font, and format look just like the real thing, but they sometimes come up short. If details like the logo size or color scheme seem off, it could be that the company has updated its branding, but it could also indicate a fake. Carefully review the URL and other information if the appearance of the email is inconsistent. 
An example of a clone phishing email with a suspicious email domain, a subject line intended to scare the recipient, a generic salutation, a request for sensitive information, a spoofed hyperlink, a grammar mistake, unusual branding, and a suspicious attachment.

7 security tips for preventing clone phishing attacks

Advanced cybersecurity tools can minimize the cloning security risk. Social engineering tactics like phishing that rely on human nature and human error can also be prevented through ongoing training and awareness.

For businesses:

  • Foster a culture of security: Companies can establish a culture of security by sharing objectives and statuses from the top down and helping each employee understand how their own actions impact the overall security posture of the company. A strong security culture can prevent clone phishing attacks by encouraging two-way communication with IT teams and timely reporting of suspicious emails.
  • Create a cybersecurity training program: Training contributes to the security culture by teaching employees what to look for and how to respond to warning signs. Elusive hacking tactics like clone phishing are one reason why the global security awareness training market is growing by 15% each year.
  • Run simulated phishing campaigns: Many companies are contracting white hat hackers and other phishing experts to develop simulated phishing campaigns. These long-term programs use realistic sample phishing emails sent to employees to test their judgment and awareness. If an employee mistakenly responds to a test phishing email, it becomes an opportunity to educate that employee on the danger signs they missed.
  • Deploy email security tools: Email security tools, including firewalls and email security software, scan incoming messages and traffic based on pre-defined criteria. Many email services for businesses include configurable email filters that prevent phishing emails from reaching users. Antivirus and anti-malware software packages support these tools by identifying and eliminating malware that’s frequently spread through phishing attacks.       

For everyone:

  • Use a credential manager: A credential manager lessens the impact of clone phishing by creating strong, complex passwords that are never stored or shared in an unencrypted format. If the phishing attack includes a spoofed URL, the best credential managers prevent you from unknowingly autofilling your credentials when the URL does not match the verified website address. 
  • Keep software updated: Patch management and software updates help ensure system vulnerabilities are addressed quickly to reduce the effectiveness of phishing and other hacking tactics. Web browsers should also be kept up to date so features like certificate validation and pop-up blockers can most effectively minimize the impact of a phishing attack.
  • Turn on multifactor authentication: Multifactor authentication (MFA) uses additional factors like codes sent through an app, fingerprint scans, or passkeys to verify user identity. Although MFA won’t stop a phishing email from reaching your inbox, the extra layers of security make it more difficult for hackers to access accounts if they manage to steal credentials through a clone phishing attack.
Graphic of 3 icons representing how multifactor authentication verifies user identity through 3 steps: Step 1) Username and password entered into a browser, Step 2) PIN from mobile phone entered, and Step 3) Fingerprint verified.

How Dashlane helps mitigate clone phishing

To combat clone phishing and other persistent threats, Dashlane provides easy password generation, secure storage and sharing, AES-256 encryption, and customizable Autofill that automatically prevents you from logging in to unsecure websites. A Password Health score tracks your weak, reused, and compromised passwords to protect you from hacking, while our Dark Web Monitoring scans the depths of the internet for your credentials and alerts you if they’re found on the dark web. Our patented zero-knowledge architecture ensures no one else (not even Dashlane) can access your unencrypted data.

 Don’t let cybersecurity jargon get in the way of protecting your organization. We break down the fundamental terms, jargon, and acronyms in our Essential Guide to Common Cybersecurity Terms.


  1. Dashlane, “What the hack is Phishing?” March 2020.
  2. Mimecast, “What is a whaling phishing attack?” 2023.
  3. Canadian Bankers Association, “Does this email look phishy? Check out examples of the latest scam emails,” July 2023.
  4. Dashlane, “What the Hack Is Malware?” February 2020.
  5. Dashlane, “How to Spot a Phishing Scam,” November 2019.
  6. Dashlane, “Email Security Best Practices to Protect Your Business,” August 2023.
  7. Microsoft, “Protect yourself from phishing,” 2023.
  8. Dashlane, “Why Dashlane Will Never Ask You for Credentials in an Email (Because That’s How Phishing Works),” November 2021.
  9. Dashlane, “Strange Security: What to Know About Generative AI and Cybersecurity,” June 2023.
  10. Dashlane, “How to Create a Culture of Security,” March 2022.
  11. Cybercrime Magazine, “2023 Cybersecurity Almanac: 100 Facts, Figures, Predictions, And Statistics,” May 2023.
  12. Dashlane, “Interview With a Hacker: Rachel Tobac Tells You How to Defend Yourself From…Well, Her!” March 2021.
  13. NIST, “Phishing,” 2023.
  14. Dashlane, “These New Alerts Notify You When Something’s Phishy,” September 2023.
  15. Dashlane, “A Complete Guide to Multifactor Authentication,” October 2023.
  16. Dashlane, “What Is a Passkey and How Do Passkeys Work?” February 2024.
  17. Dashlane, “A look at Password Health Scores around the world in 2022,” 2022.
  18. Dashlane, “Dark Web Monitoring: Your Employees Are Likely Using Compromised Passwords,” July 2022.
  19. Dashlane, “Putting Security First: How Dashlane Protects Your Data,” October 2023.
  20. Dashlane, “Essential Guide to Common Cybersecurity Terms,” 2023.

Sign up to receive news and updates about Dashlane