What is clone phishing?

Clone phishing is an attack that copies a legitimate email you've already received — same sender, subject and wording — then swaps its links or attachments for malicious ones. Because the message looks identical to a real one, it's especially convincing.

How clone phishing works

The attacker obtains or recreates a real email, replaces a link or attachment with a malicious version, and resends it — often claiming it's a 'resend' or 'updated' copy. The familiarity disarms the recipient.

Clone phishing frequently follows an account compromise, where the attacker has access to genuine past emails to copy.

How to spot it

Watch for slight differences in the sender address, unexpected 'resent' or 'updated' messages, and links whose true destination differs from before. When in doubt, verify with the sender directly.
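The comparison described above can be run automatically against a message the recipient has already received. The following Python sketch is an added example, not HookPhish code; it assumes single-part plain-text messages, and the function names, similarity threshold and sample messages are constructed for illustration.

```python
import difflib
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>]+")
PREFIX_RE = re.compile(r"^\s*((re|fwd?|resend|resent|updated)\s*[:\-]\s*)+", re.I)
RESEND_RE = re.compile(r"\b(resen[dt]|updated)\b", re.I)

def features(raw):
    """Extract what a reader is told to compare: sender, subject, wording, link hosts."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # assumption: single-part text/plain message
    subject = msg.get("Subject", "")
    return {
        "sender": parseaddr(msg.get("From", ""))[1].lower(),
        "subject": PREFIX_RE.sub("", subject).strip().lower(),
        "text": URL_RE.sub("<url>", body),  # compare wording with links masked out
        "hosts": {urlsplit(u).hostname for u in URL_RE.findall(body)},
        "resend": bool(RESEND_RE.search(subject + " " + body)),
    }

def clone_indicators(original_raw, candidate_raw, threshold=0.85):
    """Return warning signs if candidate copies original; [] if it is a different email."""
    old, new = features(original_raw), features(candidate_raw)
    same_wording = difflib.SequenceMatcher(None, old["text"], new["text"]).ratio()
    if old["subject"] != new["subject"] or same_wording < threshold:
        return []  # not a copy of this earlier message
    findings = []
    if new["sender"] != old["sender"]:
        findings.append("sender address changed")
    if new["hosts"] - old["hosts"]:
        findings.append("link points to a new host")
    if new["resend"] and not old["resend"]:
        findings.append("new 'resent'/'updated' claim")
    return findings

# Constructed sample messages using reserved example domains
ORIGINAL = """From: Billing <billing@example.com>
Subject: Invoice 1042 for March

Your March invoice is ready: https://portal.example.com/invoices/1042
"""
CLONE = ORIGINAL.replace("example.com", "example.net").replace("Subject: ", "Subject: Updated: ")

if __name__ == "__main__":
    print(clone_indicators(ORIGINAL, CLONE))
```

A message that matches an earlier one in subject and wording but returns any finding is a candidate for verification with the sender through another channel.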

How to prevent clone phishing

  • Check the sender's exact address and the real link destination before clicking.
  • Be wary of 'resent' or 'updated' versions of emails you've already actioned.
  • Verify unexpected attachments or links with the sender through another channel.
  • Use MFA so a single compromised account can't easily fuel further attacks.

How HookPhish helps

HookPhish trains people to verify links and senders even on familiar-looking emails, and its detection helps surface impersonation that fuels clone phishing.

Frequently asked questions

How is clone phishing different from regular phishing?

Clone phishing copies a real, previously sent email and swaps in malicious content, which makes it more convincing than a generic phishing message.

How can I tell an email is a clone?

Look for small changes in the sender address, unexpected 'resent' or 'updated' claims, and links that point somewhere different than before.

What enables clone phishing?

It often follows an account compromise, where attackers can access genuine past emails to copy convincingly.
