Cloned Company Websites

Cloned company website scams create near-identical replicas of a real organisation's website — a bank, retailer, airline, utility, government service, or any brand with significant online traffic. AI tools have made cloning faster and more precise: the entire visual design, layout, copy, product images, and even interactive elements such as login flows and checkout processes can be replicated in minutes from the original site's source code and assets.

The cloned site exists to deceive visitors into believing they are interacting with the genuine company. Depending on the scammer's goal, the clone may harvest login credentials, collect full card payment details for goods that will never arrive, capture personal data for identity theft, or redirect users into a fake support experience designed to extract further sensitive information.

Because the visual fidelity is now so high — the right logo, the right typeface, the correct product photographs — victims must inspect the URL carefully to detect the deception. This is the single exploitable difference that remains, and it is one that human attention frequently misses, particularly when arriving at a site through a click rather than conscious typing.

Scammers first register a domain designed to pass a quick visual check. Techniques include replacing a letter with a similar-looking character (homograph attack), appending words such as 'secure', 'login', or 'support', using a country-code extension that looks plausible, or registering the most common typo of the genuine domain. Some domains are designed to appear credible even to cautious users.

They then scrape the genuine site's HTML, CSS, images, and other assets and host them under the fake domain, modifying only the form submission endpoints so that captured credentials and card details are sent to the scammer rather than the real company. AI-assisted cloning tools can automate this entire process.

Traffic is directed to the clone through multiple channels simultaneously. Paid search advertisements place the clone above organic results for high-intent searches. Phishing emails and texts contain links using convincing anchor text. Social media ads direct users who click on promotions. Typosquatting catches users who mistype the domain.

Once on the site, the experience mirrors the genuine one so closely that login, checkout, or support interactions proceed normally from the user's perspective — until they discover that credentials have been used fraudulently, payment was taken for undelivered goods, or their identity has been compromised.

Navigation behaviour for familiar sites is largely automatic. When people visit a bank or retail site they use regularly, they rely on visual pattern recognition — the logo looks right, the layout is familiar, the colours match — rather than performing a deliberate domain check on every visit. Scammers exploit this automatic recognition by reproducing the visual experience precisely while changing only the underlying URL.

The search advertisement placement is highly effective because most users implicitly trust that the top result in a search is the correct one, particularly for brand-name queries. The mental model that 'searching for [brand] finds [brand]' does not account for paid placements from malicious advertisers.

AI makes this fraud cheaper and faster to execute. What previously required manual design and HTML work can now be accomplished automatically, lowering the barrier for less technically sophisticated actors and enabling more targets to be cloned simultaneously.

A shopper searches for a well-known outdoor retailer to check on an order. The top search result is a paid advertisement leading to a domain one character different from the real one. The site looks identical to the genuine retailer. They log in and their credentials are captured. Over the following days, their account is used to place orders to a different address and their stored card details are tested on other services.

Log in to your [brand] account to claim your reward: [look-alike link].

Your [brand] package is on hold — verify your delivery address and pay the [amount] customs fee here: [fake link].

Important: unusual activity detected on your [bank] account. Secure it now: [look-alike link].

[Brand] exclusive sale — 60% off today only. Shop now: [fake link].

Your [government service] account requires verification. Complete your details: [fake link].

Your [airline] booking confirmation — click here to manage your trip: [look-alike link].

The most reliable protection against cloned sites is navigation hygiene: type the web address directly into the browser address bar, use a saved bookmark, or open the brand's official mobile app. Never navigate to a site through a search advertisement, a link in an email or text, or a social media post when you intend to log in, make a payment, or access an account.

Before entering any credentials or payment details, read the full domain in the address bar carefully. Do not rely on glancing at the start of the URL — check the entire domain, including the extension. Look for any character that is not exactly as expected: an extra hyphen, a substituted letter, an unfamiliar extension, or an appended word.

Check for a valid HTTPS connection (padlock icon), but do not treat this alone as proof of legitimacy — scammers obtain valid TLS certificates for fake domains. The padlock confirms the connection is encrypted, not that the site is genuine.

For financial sites and services, save the correct URL as a verified bookmark immediately after you first navigate to it correctly. Use that bookmark exclusively for future visits.