How to take down fake websites. Once & for all

It’s a frustrating situation to be in. 

You have a business website. A fraudster copies it and poses like they’re your company. They use your website layout and text, and sample your products. Their site looks like yours but with a spoofed URL, making it confusing for unsuspecting customers or business partners to spot. 

So what’s the best you can do in this type of scenario?

Report and take the fake website down. 

You’ll see how to do that today. 

But before we proceed, a more crucial question to ask yourself is: If I take down one fake website, would that prevent other fraudsters from spoofing our website and squeezing our revenue?

Scammers are getting better at spoofing websites

As of 2017, over 46,000 scam websites were created daily. 

That’s about 1.385 million fake websites created in one year alone. This number increases monthly and even went up to 2.3 million in May of that year: 

While reporting this troubling statistic, HelpNet Security noted: 

In other words, scammers are getting smarter. 

Take one down today, and they’ll resurface with more sophisticated ways to fake your website tomorrow. Nick Montagu, the CEO of alphawhale, corroborates:

But what new ways are fraudsters using to fake websites, you may ask? 

Various domain name squatting tricks

Domain name squatting has gone beyond using fake domain extensions. Today, scammers now use various tricks to deceive and steal revenue from unknowing customers. 

Here are the various formats to keep an eye on. 

1. Typosquatting: Here, scammers register misspelled name variants, targeting users likely to make a typo when typing your exact URL. For instance, filla[.]com instead of fila[.com].
2. Combosquatting: This squatting trick involves registering your domain name with popular words combined with it. An example could be fila-shoes[.com], fila-shirts[.com], etc. 
3. Homographsquatting: Scammers can mimic indistinguishable Unicode characters allowed for brands to take advantage of international domain names (IDNs). In the case of fila[.com], the English letter “a” (U+0061) can be faked with the Cyrillic letter “а” (U+0430).
4. Soundsquatting: Criminals can register homophones of your domain, i.e., words that sound like your brand name. This trick could take advantage of the increasing number of customers using text-to-speech software like Siri, Alexa, etc., to search. 
5. Bitsquatting: This occurs when attackers target hardware errors that can cause a random bit-flip where your domain name is stored. Although this one is technical and rare, this study found it is a real threat worthy of concern.
6. Levelsquatting: This attack targets mobile users, where a browser’s address bar isn’t wide enough to display an entire URL. Scammers can create and redirect unsuspecting mobile users to shoes[.]fila[.]com[.]mdmftwjj[.]l6kauf04p102xnpq[.]bid, knowing phone browser displays would miss the fake part.
7. Social media impersonation: Scammers could also run fake social media ads that look like they came from your brand (i.e., brand jacking), redirecting customers to a spoofed website created with one or more of the methods above. 

These site-faking tricks deserve a guide of their own because they all have subtle nuances used by an increasing number of scammers that create fake websites. 

It’s hard to keep up. 

For instance, Fila, an enterprise company with massive internal and external resources, struggled to keep up with fraud: 

It’s why Fila leveraged a Revenue Recovery platform like Red Points to monitor and have, so far, removed 297,795 spoof listings online. Other brands and executives also use Red Points to automate monitoring and taking down variants of fake websites 24/7.

Take Robert B., a VP of Operations:  

[Red Points Review on G2]

Ways to report and take down a fraudulent website (on your own)

If you’re dealing with a few fake sites, you can report and take them down on your own. Here’s a short tutorial we created to help you: 

1. Send cease and desist letters

Once you find a fake website, send a cease and desist letter to the site admin or domain registrant. A domain registrant search service like ICANN should be able to pull up this information on a fake website. 

But most registrants won’t respond to your letter. 

In this case, you should also send a C&D letter to the CMS platform the fake domain runs on. Popular CMS platforms like Wix, Squarespace, Shopify, etc., have guides on this.

If you still don’t get a response, try these: 

• Report the fake website to the server host via a C&D letter.
• Send a notification to the domain registrar. Large registrars like GoDaddy, NameCheap, etc., may be able to help. 
• Scammers could register a fake site with your name, making it difficult for you. If that’s the case, contact and report to ICANN. 
• If the fake website is selling counterfeits of your products, contact and report the scam website to the payment processing company they’re using. Payment processors like Visa, PayPal, etc., have fraud departments that can help with taking a fake website down.

2. Report the fake website to Google

Google can also help. 

If a fake website is involved with criminal activities like phishing, report the domain to Google’s safe browsing team to get it de-indexed and stopped from coming up in search results.

It takes four steps to report a scam website to Google: 

1. Visit safebrowsing.google.com, 
2. Add the fake site’s URL, 
3. Provide additional information (to expedite action),
4. Hit submit: 

[source]

Reporting fraud websites via the steps above is free. 

But what if you’re dealing with higher volumes of spoof websites? Worse, what if even after taking one down, another three to five pop up? And more importantly, what if you don’t have the time to monitor the various ways scammers are trying to spoof your website? 

Again, that’s where busy executives turn to Red Points:

[Red Points Review on G2]

How busy execs automate & get rid of fake websites (with Red Points) 

Red Points’ robust website takedown solution and dedicated Customer Success Manager assigned to each customer does 97% of the work on reporting and taking down fake and scam websites. 

Once you log in, you’ll, among other things, see two crucial data summaries relevant for taking down fake websites at scale: 

1. Critical fake website incidents to evaluate from thousands of possible infringements automatically scoured from the web.
2. The platforms scammers are using to fake your website: 
   

Here’s how Red Points helps report and take down fake websites. 

At the core, Red Points is the Revenue Recovery platform concerned with helping brands block and recover revenue leaks scammers try to steal via fake sites, online scams, and counterfeiting. The platform works 24/7 in a 3-step funnel:

1. Monitoring & Detection, 
2. Evaluation & Prioritization,
3. Auto-takedowns (per your preference). 

Monitoring & Detection

Based on the documentation given when signing up e.g. trademarks, patents, and copyrights, Red Points monitors the global web for all infringements directly or indirectly related to your brand. That´s why as a first step, it’s critical for your brand to have all your intellectual property rights registered before leveraging Red Points’ platform.

The team then defines automation rules to facilitate the process of having any fake website removed online. Our platform learns over time based on users making the results more accurate over time.

That’s how it auto-detects fake websites: 

Evaluation & Prioritization 

In the example above, there were over 36,000 possible copyright infringements. That’s too much for anyone to deal with at once. 

And you don’t need to. 

The advanced machine learning algorithm built into Red Points does the heavy lifting of grouping the incidents you should evaluate (1). It also groups the once perceived to be of high risk (2): 

Automated Takedown Requests

Red Points works in the background to automate the takedown process for scam websites based on conditions approved by you. 

Not only can you see reports of how many fake websites got taken down within a period, but you can also see the economic value (i.e., revenue leaks blocked and recovered) too: 

One more thing. 

Busy executives who come for the efficiency of Red Points’ in-built detection AI end up staying for their dedicated Account Manager. 

And those are not our words: 

[Red Points Review on G2]