Cloned Company Website Scams Sent by Email
How phishing emails drive victims to pixel-perfect clones of real company websites built to steal payment details, login credentials, or fake support fees.
Part of: Cloned Company Websites
Last reviewed: 13 July 2026
Cloned company websites are near-exact copies of a real brand's site, matching logo, layout, product pages, and sometimes even a live chat widget, hosted on a lookalike domain. Email is the most common delivery method because a single message blast can reach thousands of people with the same link and a false sense of urgency, an account suspension, a failed payment, or an unexpected charge.
Once a recipient clicks through, the clone site is designed to capture whatever it asks for: card details entered at a fake checkout, login credentials at a fake sign-in page, or a bogus 'support fee' charged through a convincing payment form. Because the clone is disposable, scammers rotate domains quickly to stay ahead of blocklists and takedown requests.
How this scam works on Email
A fake shipping notification email claims a package cannot be delivered without a small redelivery fee, linking to a clone of a courier or retailer's tracking page that requests full card details. A fake 'your subscription payment failed' email links to a cloned billing portal, complete with the real brand's logo, asking the recipient to re-enter their card number to avoid service interruption. Some clones go further, offering a live chat with a 'verified support agent' who asks the visitor to install remote-access software to 'fix' an account issue, giving the scammer direct control of the victim's device. The clone's domain is usually a close but not exact match to the real company's address, an extra hyphen, a swapped letter, or a different top-level domain, and it typically carries a valid security padlock, which confirms only that traffic is encrypted, not that the site is genuine.
Common red flags
- The email creates urgency about account suspension, a failed payment, or an unexpected charge
- The link's domain is a close but not exact match to the real company's URL
- The site looks identical to the real one but was reached only through an email link, not by typing the address directly
- You're asked to pay a processing, redelivery, or verification fee upfront
- The sender's email address doesn't match the company's actual domain
- Live chat quickly asks you to install remote-access software or re-enter a card number to verify your account
How to protect yourself
- Never click links in unsolicited emails, type the company's known web address directly instead
- Hover over links to check the actual destination domain before clicking
- Check the sender's full email address, not just the display name
- Report suspicious mail through your email provider's phishing tool rather than clicking unsubscribe
- Verify unexpected charges or shipping issues by contacting the company through a number or site you already trust
- Use a password manager, it will not autofill saved credentials on a lookalike domain
How to report it
- Report the phishing email to the impersonated company's fraud or abuse team
- Forward the email to your email provider's phishing reporting tool
- Report the cloned website to Google Safe Browsing or the hosting registrar's abuse contact
- File a report with your national cybercrime authority (e.g., IC3 in the US or Action Fraud in the UK)
Frequently asked questions
How can I tell a cloned website from the real one just by looking at it?
Visual appearance often can't tell you much, clones are typically pixel-perfect copies. Check the address bar domain character by character against the company's known URL and look for subtle swaps, an extra word, a different ending, rather than trusting the page's look.
I already entered my card details on a cloned site, what should I do?
Contact your card issuer immediately to cancel the card and dispute any charges, and monitor your statements for further fraud. Whether you get a refund may depend on your card issuer's policies and how quickly you report it.
Why did the clone site have a padlock icon like the real one?
Free, automated security certificates are widely available and only confirm that traffic between you and the site is encrypted, they say nothing about whether the business behind the site is legitimate.
Can I trust a site just because it appeared in a search result or ad?
No, scammers buy search ads and use search engine optimization to rank clone domains too, appearing near the top of results is not proof of legitimacy.
What if a cloned site asked me to install software to restore access?
Uninstall it immediately, this is typically remote-access malware. Run an antivirus scan and change your passwords from a separate, trusted device.