ONLINE CASINO SCAMS The Independent UK Watchdog
The Impostors

Cloned casino sites and fake casino apps, explained

A cloned casino site is built to be mistaken for somewhere you’d trust — a pixel copy of a real brand on a slightly wrong address, or a wholly invented casino with a licence badge that means nothing. The goal is never to run a casino; it’s to collect your deposit, your card details and the identity documents you upload to “verify”. This guide breaks down how clones reach you, what they harvest, how to confirm you’re on the genuine site, and what to do if you’ve already handed something over.

Spotting a cloned casino site: Domain almost — not exactly — the brand; Reached via an ad, message or search link; A licence ‘badge’ that doesn’t verify; ID documents demanded unusually early.
Section 01 / The Definition

What a cloned casino site actually is

“Cloned casino site” covers two closely related cons that feel identical from the player’s side.

The pixel-copy clone. A real, recognisable brand is duplicated almost exactly — logo, colours, game lobby, login screen — and hosted on a lookalike domain. The address is the giveaway and also the trap: it’s almost right. An extra hyphen, a swapped letter, a different ending (.net instead of .com, .casino instead of .co.uk). Everything you see looks like the brand you intended to visit, because it was copied from that brand. Only the destination of your money and data has changed.

The wholly invented casino. No real brand behind it at all — a casino that exists only as a website, dressed up with stock game thumbnails and, crucially, a fabricated licence badge. A “UKGC Licensed” graphic, a Gambling Commission logo, an official-looking licence number in the footer. None of it is verified by anyone. A badge is just an image; anyone can paste one onto a page. The number beside it is the only thing that can be checked — and on a fake site it leads nowhere on the official register.

Both versions exploit the same instinct: that a site which looks legitimate is legitimate. It isn’t. Appearance is the cheapest thing in the world to copy.

Section 02 / Three Delivery Routes

The three ways a clone reaches you

Clones almost never appear out of nowhere — they’re delivered through one of three channels, and each one is a place where you click before you check.

1. Paid social ads. Sponsored posts on social platforms, often using a real brand’s name and artwork, linking to the lookalike domain. The ad approval process is not a licence check, so a clone can buy its way directly into your feed.

2. Search results for closed brand names. When a casino leaves the UK market, its name keeps being searched — and impostors move into that gap. This is documented on our register. Thrills Casino exited the UK market, and per its review record, lookalike domains now trade on its name. Casino Calzone closed in October 2020 as a business decision; as the register notes, its old domain may since have passed into unrelated hands. And the Winner Casino entry documents how many domains can cluster around a single brand name — a structure that makes it easy for a player to land on the wrong one.

3. Phishing messages. Emails, texts and direct messages claiming to be from a casino — a “bonus”, a “verification required”, a “withdrawal ready” — with a link to the clone. The message manufactures urgency so you act before you read the address.

Section 03 / The Harvest

What a clone is actually collecting

A clone doesn’t need you to lose at games — most don’t bother running real ones. The product is you, in three layers:

  • Deposits. The most direct theft. Money goes in and never comes out, because there’s no real casino behind the cashier — just a payment form pointed at the operator’s account.
  • Card details. The card number, expiry and security code you enter at the “deposit” screen can be used for further fraud or sold on, whether or not the initial deposit even “succeeds”.
  • KYC documents. This is the most damaging and least obvious layer. A clone will happily ask you to “verify your account” by uploading a passport or driving licence and a proof of address — exactly the documents a real casino requires. Handed to a fraudster, those become tools for identity theft and for opening accounts in your name. The ID-reuse risk outlives the lost deposit by years.

That last point is why a clone is worse than a bad bet: the money is recoverable in some cases, but a copy of your passport, once taken, is out there for good.

Section 04 / Verification

How to verify you’re on the real site

Because clones win on appearance, the defence has to be mechanical — something that doesn’t care how convincing the page looks. Three habits do almost all the work:

  • Check the exact domain against the register’s domain list. The Gambling Commission’s public register doesn’t just list licensed operators — it lists the domains each licence covers. The genuine address will appear there, character for character. A site that looks like the brand but sits on a domain absent from that list is the clone. Our check-a-licence walkthrough shows exactly where to look.
  • Type the address yourself. Reach the casino by typing its known address into the bar, or from a bookmark you saved from a verified visit — never by clicking a link in an ad, a message or an unverified search result.
  • Never enter through ads. Treat every sponsored link to a casino as untrusted by default. If an offer is real, it will still be there when you arrive via the verified address.

Remember the badge rule from Section 01: a licence graphic proves nothing. The licence number, looked up on the official register, is the only thing that does.

Section 05 / Fake Credibility

Fake reviews and forged licensing seals

A clone’s hardest problem isn’t looking like a casino — that’s easy — it’s surviving the moment a cautious player goes looking for reassurance. So the better operations manufacture the reassurance in advance, and AI tooling has made that cheap enough to do at scale. Two fabrications do most of the work.

Forged licensing seals. A “UKGC” or “MGA” badge in the footer, sometimes with a real-looking licence number, occasionally even a number genuinely belonging to a different, licensed operator — borrowed in the hope you won’t cross-check the name. The graphic is just an image; it links nowhere, or links to a page the same site controls. As Section 04 put it: the seal proves nothing, the number looked up on the official register is the only thing that does. A licence number that resolves to a different company’s name is not a clerical quirk — it is the tell.

Manufactured reviews and “news”. Search a brand-new rogue brand and you may find a tidy consensus of glowing five-star reviews, a freshly built “review site” that rates it highly, even article-shaped pages praising it. Much of this is generated — AI can produce a hundred plausible reviews and an entire endorsement site overnight, all pointing one way. The giveaways are structural: reviews clustered in a narrow date range, uniformly positive with no specific detail, on domains as young as the casino itself, frequently earning affiliate commission on every signup they send.

The defence is the same mechanical one throughout this guide, and it is immune to how convincing the credibility looks: trust the official register, not the page’s own self-description. A real licence verifies on the Gambling Commission’s site; manufactured praise does not survive the one source the scammer cannot fake.

Section 06 / Fake Apps

Fake casino apps specifically

The clone problem has an app-shaped cousin, and it’s growing. Two forms dominate.

Sideloaded APKs. A site or message offers you the casino “app” as a downloadable Android package to install directly, outside any official store. Sideloading bypasses the store’s screening entirely, so a fake or malware-laced app installs with whatever permissions it asks for — including access that lets it harvest far more than a website could.

App-store lookalikes. Even inside official stores, copycat apps appear: a familiar name, a near-identical icon, published by an unfamiliar developer. They ride the brand’s reputation to get installs, then run the same deposit-and-document harvest as a web clone.

The checks don’t change. Confirm the casino is licensed and that the app is the one its verified website links to; read the developer name, not just the icon; and be deeply suspicious of any casino that wants you to sideload an APK rather than reach it through a checked, licensed route.

Section 07 / Damage Control

If you’ve already entered your details

If you suspect you’ve deposited at or handed details to a clone, speed matters more than certainty — act now, confirm later.

  • Contact your bank immediately. Tell them you may have entered card details on a fraudulent site. Ask them to freeze and replace the card, and to flag the transactions. Doing this the same day preserves the most options.
  • Ask about a chargeback. A card payment to a fraudulent merchant may be reversible through your card scheme, but time limits apply. The recovery guide covers what realistically works and in what order.
  • Report it to Action Fraud. Gambling fraud is fraud. Reporting feeds enforcement and creates a record you may need later. The complaints guide explains the reporting routes.
  • If you uploaded ID, treat it as compromised. Watch for accounts or credit applications you didn’t make, consider a credit-file alert, and keep the evidence. A stolen identity document is a longer-term problem than a lost deposit, and the sooner it’s flagged the better.

And ignore anyone who contacts you afterwards promising to recover your money for a fee — that’s the second wave, not a rescue.

Section 08 / Questions

Frequently asked questions

How to tell a cloned or fake casino from the real brand, and what to do if you have used one.

What is a cloned casino site?

It’s a fraudulent site built to be mistaken for a real casino — either a pixel-copy of a known brand on a lookalike domain, or a wholly invented casino dressed up with a fabricated licence badge. The aim is to harvest your deposit, card details and identity documents rather than run a genuine casino.

How do I know if a casino site is fake?

Check the exact domain against the operator’s licensed domain list on the Gambling Commission’s public register — character for character. Reach the site by typing the address yourself rather than via ads or messages. If the domain is absent from the register, or only “almost” matches the brand, treat it as fake.

Can a fake site have a licence badge?

Yes. A licence badge is just an image, and anyone can paste a “UKGC Licensed” graphic and an official-looking number onto a page. The badge proves nothing; only the licence number, looked up on the official register, can be verified. On a fake site that number leads nowhere on the register.

Can I trust five-star reviews of a casino?

Not on their own. AI tooling can generate a hundred glowing reviews and an entire endorsement site overnight, all pointing one way. Watch for reviews clustered in a narrow date range, uniformly positive with no specific detail, on domains as young as the casino itself and often earning affiliate commission on every signup. Manufactured praise doesn’t survive the one source a scammer can’t fake: the official register.

What happens if I deposited on a clone?

Contact your bank the same day to freeze and replace the card and flag the transactions, then ask about a chargeback — card payments to fraudulent merchants may be reversible within time limits. Report it to Action Fraud, and keep all evidence. The recovery guide covers the practical order of steps.

They have my passport photo — what now?

Treat the document as compromised. Watch for accounts or credit applications you didn’t open, consider placing an alert on your credit file, and report the incident to Action Fraud so there’s a record. A stolen identity document can be misused long after the event, so flagging it early is the priority.

Are casino apps safe to download?

Only when you’ve confirmed the casino is licensed and the app is the one its verified website links to. Be wary of sideloaded APKs offered outside official stores, and of store lookalikes published by unfamiliar developers. Read the developer name, not just the icon, and never sideload an app a casino pushes on you.

Why do clones target closed casinos?

Because a closed brand keeps being searched while no longer defending its name. Per our register, brands such as Thrills and Casino Calzone left the UK market, and lookalike domains — or old domains that may have passed into unrelated hands — have been documented trading on those names, collecting deposits from players who think the brand still operates.

How do clones get into search results?

They target the names people still search — especially closed brands — and they buy visibility through paid ads, which aren’t licence-checked. They also arrive via phishing messages with direct links. The common thread is that you click before you check; verifying the domain on the register closes that gap.

Can I get money back from a fake casino?

Sometimes. A card payment to a fraudulent merchant may be reversible through a chargeback if you act within the time limits, which is why contacting your bank quickly matters. There’s no guarantee, and money sent by irreversible methods is far harder to recover. The recovery guide sets out what realistically works.

What’s the single best way to avoid a clone?

Reach every casino by an address you typed or bookmarked yourself, and confirm that exact domain appears on the operator’s licensed domain list on the public register before depositing or uploading anything. That one habit defeats lookalike domains, fake badges and phishing links alike.

Section 09 / Keep Reading

Related reading

Not sure the casino in front of you is the real one?

Clones win on appearance and lose to a domain check. Learn the exact register lookup that confirms a site’s identity in under a minute — and see which brands are being impersonated right now.

Check a licence Open the blacklist