You have a business website. A fraudster copies it and poses as your company. They use your website layout and text and sample your products. Their site looks like yours but with a spoofed URL, making it hard for unsuspecting customers or business partners to spot.
So what’s the best you can do in this type of scenario?
Report and take the fake website down.
You’ll see how to do that today.
But before we proceed, a more crucial question to ask yourself is: If I take down one fake website, would that prevent other fraudsters from spoofing our website and squeezing our revenue?
Scammers are getting better at spoofing websites
As of 2017, over 46,000 fake websites were created daily.
That’s about 1.385 million fake websites created in one year alone. This number increases monthly and even went up to 2.3 million in May of that year:
While reporting this troubling statistic, HelpNet Security noted:
In other words, scammers are getting smarter.
Take one down today, and they’ll resurface with more sophisticated ways to fake your website tomorrow. Nick Montagu, the CEO of Alphawhale, corroborates:
But what new ways are fraudsters using to fake websites, you may ask?
Various domain name squatting tricks
Domain name squatting has gone beyond using fake domain extensions. Today, scammers use various tricks to deceive and steal revenue from unknowing customers.
Here are the various formats to keep an eye on.
Typosquatting: Here, scammers register misspelled name variants, targeting users likely to make a typo when typing your exact URL. For instance, filla[.]com instead of fila[.]com.
Combosquatting: This squatting trick involves registering your brand name combined with popular words. An example could be fila-shoes[.]com, fila-shirts[.]com, etc.
Homographsquatting: Scammers can abuse the Unicode support that lets brands use internationalized domain names (IDNs), swapping in characters that are visually indistinguishable from the real ones. In the case of fila[.]com, the English letter “a” (U+0061) can be faked with the Cyrillic letter “а” (U+0430).
Soundsquatting: Criminals can register homophones of your domain, i.e., words that sound like your brand name. This trick could take advantage of the increasing number of customers using text-to-speech software like Siri, Alexa, etc., to search.
Bitsquatting: This occurs when attackers target hardware errors that can cause a random bit-flip where your domain name is stored. Although this one is technical and rare, this study found it is a real threat worthy of concern.
Levelsquatting: This attack targets mobile users, where a browser’s address bar isn’t wide enough to display an entire URL. Scammers can create a URL such as shoes[.]fila[.]com[.]mdmftwjj[.]l6kauf04p102xnpq[.]bid and redirect unsuspecting mobile users to it, knowing that phone browsers would not display the fake part.
Social media impersonation: Scammers could also run fake social media ads that look like they came from your brand (i.e., brand jacking), redirecting customers to a fake website created with one or more of the methods above.
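The domain-squatting formats above, turned into a triage check for hostnames a brand team observes (an added example, not code from the original article or from Red Points). It reuses the page's fila[.]com example; the look-alike table, the sample hostnames, the "different extension" label and the shortcut of treating the second-to-last label as the registered name are assumptions, and soundsquatting is left out because it needs a homophone list.

```python
BRAND, LEGIT = "fila", "fila.com"  # the page's running example
# Constructed, deliberately small look-alike table: Cyrillic a, e, o, c, i and Greek alpha.
CONFUSABLES = str.maketrans("\u0430\u0435\u043e\u0441\u0456\u03b1", "aeocia")

def edit_distance(a, b):
    """Levenshtein distance between two labels."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_bitflip(a, b):
    """True when a and b differ in exactly one bit of one character."""
    diffs = [ord(x) ^ ord(y) for x, y in zip(a, b) if x != y]
    return len(a) == len(b) and len(diffs) == 1 and bin(diffs[0]).count("1") == 1

def classify(hostname):
    """Return the squatting type an observed hostname matches, or None."""
    host = hostname.lower().rstrip(".")
    try:  # turn xn-- (punycode) labels back into Unicode
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or not valid IDNA
    if host == LEGIT or host.endswith("." + LEGIT):
        return None  # the brand's own domain or one of its subdomains
    if f".{LEGIT}." in f".{host}":
        return "levelsquatting"  # real domain used as leading labels of another domain
    # Assumption: the registered name is the second-to-last label (no public suffix list).
    sld = host.split(".")[-2:][0]
    skel = sld.translate(CONFUSABLES)  # look-alike characters mapped to Latin
    checks = [  # most specific first; a one-bit flip is also a one-character typo
        (sld == BRAND, "different extension"),
        (not sld.isascii() and skel == BRAND, "homographsquatting"),
        (is_bitflip(sld, BRAND), "bitsquatting"),
        (edit_distance(sld, BRAND) == 1, "typosquatting"),
        (BRAND in skel, "combosquatting"),
    ]
    return next((name for hit, name in checks if hit), None)

# Constructed sample of observed hostnames, as a new-registration feed might list them.
SAMPLE = ["shop.fila.com", "filla.com", "fila-shoes.com", "fil\u0430.com", "fhla.com"]

def scan(hostnames):
    """Keep only the hostnames that match a squatting pattern, with their label."""
    return {h: label for h in hostnames if (label := classify(h))}
```

Short brand names have many one-edit neighbours that are ordinary words, so the output is a list of candidates for review, not confirmed fakes.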
These site-faking tricks deserve a guide of their own because they all have subtle nuances used by an increasing number of scammers who create fake websites.
It’s hard to keep up.
For instance, FILA, an enterprise company with massive internal and external resources, struggled to keep up with fraud:
It’s why FILA leveraged a Revenue Recovery platform like Red Points to monitor and have, so far, removed 297,795 spoof listings online. Other brands and executives also use Red Points to automate monitoring and taking down variants of fake websites 24/7.
Beyond the crafty games of domain squatting, there’s a whole other world of fake websites out there, giving businesses a real run for their money.
These aren’t just your garden-variety imposters; we’re talking about everything from crafty misinformation sellers to bold counterfeit shops, each one a unique challenge in the fight to protect your brand and your customers.
Phishing websites: These sites mimic legitimate ones to deceive users into entering sensitive information such as passwords or credit card numbers. They often replicate the design of well-known banks, online services, or retailers to trick users.
Scam websites: These websites promise unrealistic rewards or products at very low prices to swindle money or personal information. They may advertise fake lotteries, incredible investment opportunities, or ‘free’ products that require payment of ‘shipping fees’.
Fraudulent ecommerce sites: Set up to sell non-existent products or counterfeit goods, these fake websites take consumers’ money but either deliver nothing or send fake or substandard products.
Malware distribution sites: These appear legitimate but aim to infect visitors’ devices with malware, leading to data theft, ransomware attacks, or unauthorized use of computing resources.
Fake online marketplaces: Resembling platforms like eBay or Amazon, these marketplaces are set up for fraudulent transactions, often selling non-existent, stolen, or counterfeit items.
Counterfeit product websites: Focused on selling fake versions of popular or luxury goods, these sites often lure customers with attractively low prices but provide poor quality counterfeits.
Each type of fake website is designed to exploit different vulnerabilities, whether it’s a user’s trust, desire for a good deal, or investment goals. By identifying and addressing these varied threats, you can safeguard your brand’s integrity, revenue, and customer trust.
How to spot a fake website
Picture this: you’re monitoring your brand’s online presence, and suddenly, you come across a website.
Something feels off.
The site mirrors the look and feel of your own, perhaps a little too well. It’s as if it’s trying to pass itself off as your brand, masquerading among the ranks of established ecommerce players.
Today, we’re diving into that. We’ll explore how to spot those sneaky, deceitful websites – from phishing schemes to counterfeit marketplaces. After all, in the high-stakes world of brand reputation, falling prey to an online scam is not an option.
URL inspection: Carefully check the URL for subtle misspellings or incorrect domains (e.g., “.com” replaced with “.net”).
Look for security indicators: Genuine websites often use HTTPS and display a padlock icon in the address bar. However, be aware that some sophisticated phishing sites may also use HTTPS.
Unexpected requests: Be cautious if the site asks for sensitive information that a legitimate company wouldn’t normally request during your interaction.
Too-good-to-be-true offers: If deals or promises seem excessively favorable or unrealistic, they’re likely scams.
Poor design and errors: Scam websites often have poor grammar, spelling mistakes, and low-quality graphics.
Lack of legitimate contact information: Genuine businesses usually provide clear and verifiable contact details.
Fraudulent ecommerce sites:
Check customer feedback: Look for reviews from previous customers. A complete absence of reviews or overwhelmingly negative feedback can be a red flag.
Verify site security: Ensure the site uses HTTPS, especially on pages where you enter personal or payment information.
Return and privacy policies: Legitimate sites typically have clear and detailed policies. Vague or missing policies are concerning.
Malware distribution sites:
Unexpected downloads: Be wary of websites that prompt you to download software or files unexpectedly, especially if visiting for the first time.
Antivirus warnings: Pay attention to any alerts from your antivirus software when visiting a new website.
Pop-up overload: A large number of pop-ups or intrusive ads can be indicative of a malicious website.
Fake online marketplaces:
Unusually low prices: Extremely low prices for typically expensive items can indicate counterfeit goods or non-existent products.
Check site reputation: Look for reviews or complaints about the marketplace on independent review platforms.
Payment methods: Be cautious if the site only accepts less secure payment methods like wire transfers or cryptocurrency.
Counterfeit product websites:
Price comparison: If the price is significantly lower than what’s offered by reputable retailers, it could be a counterfeit.
Product photos: Look for discrepancies or low-quality images that might suggest the products are not genuine.
Brand verification: Check if the website is an authorized retailer of the brand, especially for luxury or high-value items.
In essence, spotting fake websites is about staying sharp and questioning the details. Each tip we’ve shared is a tool in your kit against online deception. Keep these pointers in mind, and you’ll navigate the digital world with greater confidence and security.
Ways to report and take down a fraudulent website (on your own)
If you’re dealing with a few fake sites, you can report and take them down on your own. Here’s a short tutorial we created to help you:
1. Send cease and desist letters
Once you find a fake website, sending a cease and desist letter to the site admin or domain registrant is the first step to take when you report a fake website. A domain registrant search service like ICANN should be able to pull up this information on a fake website.
But most registrants won’t respond to your letter.
In this case, you should also send a C&D letter to the CMS platform the fake domain runs on. Popular CMS platforms like Wix, Squarespace, Shopify, etc., have guides on this.
If you still don’t get a response, try these:
Report the fake website to the server host via a C&D letter.
Send a notification to the domain registrar. Large registrars like GoDaddy, NameCheap, etc., may be able to help.
If the fake website is selling counterfeits of your products, contact and report the fake website to the payment processing company they’re using. Payment processors like Visa, PayPal, etc., have fraud departments that can help with taking a fake website down.
2. Report the fake website to Google
Google can also help.
If a fake website is involved with criminal activities like phishing, report the domain to Google’s safe browsing team to get it de-indexed and stopped from coming up in search results.
It takes four steps to report a fake website to Google:
Add the fake site’s URL,
Provide additional information (to expedite action),
Reporting fraud websites via the steps above is free.
But what if you’re dealing with higher volumes of spoof websites? Worse, what if even after taking one down, another three to five pop up? And more importantly, what if you don’t have the time to monitor the various ways scammers are trying to spoof your website?
Again, that’s where busy executives turn to Red Points:
How busy execs automate & take down fake websites (with Red Points)
Red Points’ robust website takedown solution and dedicated Customer Success Manager assigned to each customer do 97% of the work on reporting and taking down fake and scam websites.
Once you log in, you’ll, among other things, see two crucial data summaries relevant to taking down fake websites at scale:
Critical fake website incidents to evaluate from thousands of possible infringements automatically scoured from the web.
The platforms scammers are using to fake your website:
Here’s how Red Points helps report and take down a fake website.
At the core, Red Points is the Revenue Recovery platform concerned with helping brands block and recover revenue leaks scammers try to steal via fake sites, online scams, and counterfeiting. The platform works 24/7 in a 3-step funnel:
Monitoring & Detection,
Evaluation & Prioritization,
Auto-takedowns (per your preference).
Monitoring & Detection
Based on the documentation given when signing up, e.g., trademarks, patents, and copyrights, Red Points monitors the global web for all infringements directly or indirectly related to your brand. That’s why, as a first step, it’s critical for your brand to have all your intellectual property rights registered before leveraging Red Points’ platform.
The team then defines automation rules to facilitate the process of having any fake website removed online. Our platform learns from users over time, making the results more accurate.
That’s how it auto-detects fake websites:
Evaluation & Prioritization
In the example above, there were over 36,000 possible copyright infringements. That’s too much for anyone to deal with at once.
And you don’t need to.
The advanced machine learning algorithm built into Red Points does the heavy lifting of grouping the incidents you should evaluate (1). It also groups the ones perceived to be of high risk (2):
Automated Takedown Requests
Red Points works in the background to automate the takedown process for scam websites based on conditions approved by you.
Not only can you see reports of how many fake websites got taken down within a period, but you can also see the economic value (i.e., revenue leaks blocked and recovered) too:
One more thing.
Busy executives who come for the efficiency of Red Points’ in-built detection AI end up staying for their dedicated Account Manager.