How to legally take down a website

Last updated on: September 5, 2023

Have a scammer or cybercriminal copied your business website, so it looks just like yours? Or probably you have websites posting illegitimate (and illegal) claims about your business?

While these fake and illegal websites might seem docile at first, even a single accident of your customers being frauded can significantly hurt your long-term reputation (and even permanently), indirectly or directly costing your business financially and, in a worst-case scenario, can cause legal repercussions. 

So, how can you report and take down these websites legally? 

In this post, we will discuss how to legally take down a website, as well as the best tips on how to report illegal sites.

Why scammers copy your business website?

Publishing fake and illegal sites is just one of so many different methods online scammers and cybercriminals can use to take advantage of your business.

While these scammers may have different motives, in the end, most of them will try to monetize the scam, for example, by:

• Setting up a fake ecommerce store impersonating yours, siphoning sales from your store, and delivering fake merchandise to your clients (or not delivering anything at all.)
• Holding you to a ransom, asking you to pay them before they give access to the fake domain name
• Using the website for phishing schemes, illegally capturing your customers’ confidential information like credentials (passwords), account numbers, social security numbers, medical records, and more.
• Stealing credit card information and using it to make a purchase and other forms of financial fraud.

The thing is, when these things happen to your customers, they’ll perceive that it is your business’s fault (even if technically it isn’t.). Any fraud committed in your name can hurt your reputation, and in some cases, the damage can be permanent. 

How do cybercriminals impersonate your website?

Thanks to technology, nowadays, creating and publishing a professional-looking website is very easy. While this can be beneficial for your business, this also means it’s also easy for cybercriminals and scammers to impersonate (or spoof) your website. 

Even a beginner online scammer can use a web scraping bot, steal your website information and content, and then upload it under a new (fake) domain in just a matter of minutes. 

While there are variations to the methods used by these scammers, all of them tend to follow the following patterns:

1. Domain name squatting

The scammer or cybercriminal registers a domain name that contains your brand name (i.e., if you haven’t claimed your brand domain name) or one with a slight variation to your existing domain.

The main purpose of this method is so that the scammer can fool website users (i.e., your customers) into believing that the website is yours, and the scammer can then leverage this situation in the ways we’ve discussed above. 

The scammer can spoof your website with a fake URL or even sell fake products of your brand on this website. Your prospective customers may end up on this fake website, and when they are scammed, it is your reputation at stake.

With this fake domain name, the scammer in question can also create emails that look like official ones from your business (due to the similarities of the domain name.), in which the scammer can direct the recipient to the fake website or perform a phishing scheme.

As we can see, domain name squatting might seem harmless at first, but it can actually cause serious havoc to your reputation and finances. You need to constantly monitor and work on taking down those websites.

2. Impersonating your brand online

Once the scammer has successfully claimed a fake (but convincing) domain name, they can now move on to the next step to impersonate your website.

In this step, the scammer will typically copy your website’s code and content to create a convincing fake website while also including your branding details (logo, images, etc.) on the website.

With your brand elements, content, and a fake domain name that is nearly identical to yours, the fake website can look convincing and may effectively fool your customers into believing the site is legitimate.

3. Monetizing the scam

Once the scammer has successfully convinced the website visitor, they start to present themselves as your business to these scammed customers and will monetize the scam in one way or another, as we’ve discussed above. 

Step-by-step guide to legally take down a website

So, you just found out that your site has been impersonated by a scammer? 

The first thing you should do is not to panic. Although domain squatting and spoofing can indeed be dangerous for your brand, there are ways to effectively handle the situation and legally take down the website.

You can do so by following this step-by-step guide:

Step 1: Assess and confirm

Again, don’t panic. Quickly perform a basic assessment and gather the information. Confirm again whether the fake website is indeed impersonating your brand or if it’s a mere coincidence.

Gather as much information as you can about the fake website. Ideally, you’d want to identify the scammer/cybercriminal behind the website, but in most cases, this will be very difficult to do since they’ll hide their identity.

A basic approach is to identify the registrar of the fake domain name, as well as the host of the website’s servers. There are various WHOIS lookup tools you can use for this purpose (do a quick Google search for “whois lookup,” but there’s no guarantee for success.

If you can’t identify the scammer, it’s perfectly okay, and we can move on to the next step of collecting evidence so you can use it for reporting and taking down a website.

Step 2: Collecting evidence

The next step, regardless of whether you can identify the scammer, is to collect evidence of the fraudulent activities performed by the scammer via the fake website. 

While there are advanced tools available for collecting websites, gathering screenshots (with timestamps) can be effective. You should collect evidence of at least the following:

• The website’s domain name
• IP address (or addresses)
• URL
• Any brand elements that may be a violation of any copyright/trademark policies
• Web pages that are similar to yours
• Any branding elements used on the fake website
• Proof of fraudulent activities (i.e., testimonials from victims)

The more pieces of evidence you can gather, the easier it will be to legally shut down the website.

Step 3: Report illegal and fake websites

Once you’ve gathered and compiled all the necessary evidence, you should file your report the website to the relevant parties:

• Google/other search engines: if you have proof that the website is engaging in criminal activities (i.e., phishing, impersonating your eCommerce store, etc.), quickly file your website report to Google’s safe browsing team and other relevant search engines (i.e., Bing.) This is to ensure the site can be penalized and won’t appear on search results to minimize the number of future victims.
• Relevant authorities: depending on your location, you may want to file a complaint on the illegal website with the local police department and the FBI. 
• Domain registrar: check where the domain name is registered and report the situation. It’s possible that the scammer is registering the domain under your name (or business’s name). In such cases, report to ICANN and ask them to de-list your name.
  • If the website is a Top Level Domain (TLD), for example, if they are using .com, .org, or .net, then you can report to ICANN here.
  • If the website uses ccTLD (country code TLD) like .us, .uk, and so on, then you can check this list and contact the domain registrar of the relevant country used by the fake website.
• ICANN: if you have a registered trademark for your domain name, you can file a complaint under the UDPR (Uniform Domain-Name Dispute Resolution). Successful UDPR filing can result in the domain name ownership being transferred to you.
• Payment gateway: if the website involves online transactions and offers payment options like PayPal, credit card (Visa/MasterCard), Venmo, and so on, you can contact these payment companies and report the situation; they may also be willing (and capable) of helping you to take down fake websites.

All reports on websites should contain:

1. Complete and accurate contact details of your business and a PIC
2. All the evidence you’ve gathered
3. A brief explanation of the situation (why you think the website is currently being impersonated.)
4. The desired outcome you’d like from reporting the abuse (i.e., termination of responsible employee.)

Step 5: Send a cease and desist letter for illegal websites

Prepare a DMCA (Digital Millenium Copyright Act) notice, and then send an official cease and desist letter to the site admin. Alternatively, you can send the letter to the domain registrant if you can’t reach the fake website owner. 

If you are dealing with a scammer/cybercriminal, most likely, you won’t get any response. Your next step is to send the letter to the CMS platform the fake website is built upon. Most scammers won’t build the website from scratch and will rely on platforms like Shopify, Wix, or WordPress. Most likely, these platforms will cooperate with you and shut down websites if you can prove the occurrence of criminal activities. 

If the domain registrar or CMS platform still didn’t give their response, then you can send a cease and desist letter to the server host. Server hosts are required to comply with strict regulations and are more likely to be more cooperative in shutting the website down.

Step 6: Follow-up with Google

If you’ve followed this guide on shutting down websites legally to a T, then you should’ve sent a request to Google informing them of the situation, asking for the fake website to be removed from the search result. 

Remember that Google receives a massive number of DMCA takedown requests every single day, so expect that the process of taking down a website may take a while, at least a few days up to a week.

You may want to follow up with a complete DMCA request, especially with proof that you are the legal copyright owner of the website and its content, as well as the evidence of the malicious activities on the fake website.

Preventing future scams: best practices

Taking down websites impersonating yours is one thing, but to really protect your reputation, you’d want to prevent these spoofing attempts from happening. 

These steps we’ve discussed probably will suffice to take down the fake/illegal website. However, keep in mind that persistent scammers won’t stop there, and they’ll simply come up with another fake website with another URL.

Here are a few tips you can use to prevent future scams and spoofing attempts:

• Make sure to pay extra attention to domain name registrations and trademark filings. 
• Develop a comprehensive strategy with an emphasis on partnership between all departments and the cybersecurity department to combat impersonation.
• Using the help of automated domain registration monitoring can help significantly. DMARC is a viable option here, where it will automatically detect anyone using your brand’s domain without authorization and then block the delivery of all unauthorized emails from impersonators.
• Always be proactive in identifying and taking down domain abuse. This can be done by using third-party brand protection services like Red Points.

Has my business website been spoofed?

It’s no secret that the number of online scams and cybercrimes, in general, have surged in 2020 and 2021 due to various situations created by the global COVID-19 pandemic. 

Out of these online scams, there has also been a record-breaking number of domain name case filings disputing fake sites in recent years. So, if you suspect there is at least one fake website impersonating yours, you are likely to be right. 

So, how to know if your business website has been spoofed? 

You can use tools like ICANN lookup to check domain registration data for domain names similar to your unique domain. If you find registered domain names that are suspicious, visit the website and check their content. 

Yet, most businesses simply don’t have the time to manually check for domain registrations, which can be time-consuming. Remember that fake websites can be created in just a matter of hours, if not minutes, so for this method to be feasible, you’ll need to check these domain registrations at least once daily. 

This is where partnering with a professional fake domain takedown service can significantly help your business. Services like Red Points can leverage state-of-the-art technology to conduct real-time domain research, so you can use your time to focus on your core business tasks instead.