How to report and take down illegal sites impersonating yours

Last updated on: December 29, 2022

Just found out there are illegal sites impersonating yours, but you don’t know how to report them? 

You’ve come to the right place.

In this post, we will discuss: 

• How to report and legally take down illegal sites
• We’ll also share actionable tips on how to protect your website and IPs from being exploited by fraudsters and cybercriminals. 

Without further ado, let us begin this guide right away.

Why do cybercriminals publish illegal sites?

Why do scammers copy your website? 

Fraudsters, scammers, and cybercriminals are always on the lookout to find any vulnerabilities they can exploit from your brand, and publishing fake and illegal sites impersonating yours is simply one of the most rewarding methods available for them.

Most cybercriminals impersonating your website do so with financial motives in mind: they are looking to make some money by riding on your brand’s popularity and credibility. While there are other motives like personal vendetta or political reasons, they are relatively rare.

So, how can cybercriminals profit from impersonating your website? Here are just a few examples:

• Extortion is the simplest and yet most popular monetization method. They may ask you to pay a ransom before they’ll take down the illegal site and transfer the domain name ownership to you.
• Launching a fake ecommerce store with a misleading domain name similar to yours and selling counterfeit goods or not delivering anything at all, ruining your brand’s reputation.
• Using the illegal site to attract your target audience, then launch a phishing scheme to steal sensitive/personal information of your customers/clients like credit card numbers, Social Security numbers, account credentials, and so on.
• Selling their services to your competitors, for example, to direct traffic to your competitor’s website, leaking confidential information (i.e., pricing data), etc.

As you can see, these illegal sites can cause detrimental effects to your website and your business as a whole, which we will discuss in the next section.

How illegal sites can affect your business

The presence of illegal sites impersonating your business can negatively affect your business in three different ways: reputational, financial, and legal. 

1. Reputational damages

In this highly saturated social media and digital age, consumers have so many options of brands they can interact with and purchase from, and so they only want to deal with those they perceive as trustworthy and credible. 

According to a recent study, 25% of surveyed Americans would stop doing business with companies that recently experienced a data breach. Meaning, that your online reputation can take months or even years to build, and yet even with a single mistake, you can easily lose it all in a day.

When, for example, your prospect is tricked by a phishing attempt when visiting an illegal website impersonating your brand, they will unconsciously blame you and may lose trust in your brand, even if it’s not directly your fault. 

2. Financial damages

Illegal websites can hurt your business financially in several different ways: 

1. Lower revenue: not only does damage to your reputation may cause customers/clients to stop buying from you, but it may also cause partners and investors to stop funding your business.
2. Extortion: the cybercriminal publishing the illegal website may ask you to pay a ransom before they are going to take down the website. 
3. Security costs: to combat these illegal sites and other cybersecurity threats, the business may be required to invest in more expensive security solutions and workforce. Depending on the business’s location, there may also be newer cybersecurity regulations that require the business to update its security infrastructure.

3. Legal issues

To report and take down these illegal websites, the business may be required to pay for legal help, which can be expensive when not managed properly. 

How do cybercriminals impersonate your website?

Cybercriminals can use various techniques to launch an illegal website impersonating your brand and also various methods to monetize the website. However, all of these variations of methods tend to follow this pattern:

1. Cybersquatting

The first step the bad actor typically takes is to register a domain name that is identical or similar to your original website (or your trademark name). This is called cybersquatting or domain name squatting. 

This is a crucial step in ensuring the fake website can trick visitors into thinking that this website is legitimate.

2. Creating illegal sites

After acquiring this fake domain name, the perpetrator will start building the fake website, and they may also use the domain name to create seemingly legitimate email addresses, which they may use to launch phishing scams.

In this step, the perpetrator may use tools like HTTrack to copy your website’s content, design, and code to build a convincing illegal site that looks similar to yours, complete with your logos, color palette, and other design elements. 

Their goal is to create a convincing website that looks just like your legitimate one, to trick your prospects and customers/clients into believing that the illegal site is legitimate.

3. Monetizing the illegal site

Once the bad actor has successfully convinced the website visitor that the site is legitimate, they can use various methods to monetize this visitor, including but not limited to: 

• Launching phishing attempts to capture this visitor’s personal or sensitive information, then:
  • Use the stolen credit card information to purchase goods 
  • Sell the stolen customer information to your competitors or other parties
• Sell counterfeit goods on the fake ecommerce store impersonating yours.

How to prevent impersonation of your website

Later on in this guide, we’ll learn how to effectively report these fake sites and take them down; preventing them from existing in the first place is always the better approach if you’d like to protect your brand’s reputation.

With that being said, here are a few best practices you can follow to prevent being spoofed by cybercriminals:

1. Claim and legally protect your intellectual property

Make a list of your Intellectual Properties (IPs), and register them for legal protection.

Registering your IPs will provide you with legal protection when they are used by bad actors on illegal websites. This means you can get appropriate legal help in such scenarios and will be in a stronger position when attempting to take down these illegal websites.

When it comes to websites, there are at least four IPs you should register for legal protection: 

• Trademark or service mark: register your brand name and product/service names so they cannot be used by other parties without your permission.
• Domain name: you should register your domain name as early as possible to prevent domain name squatting or cybersquatting. Also, consider registering relevant variations of your domain names, including different top-level domains (TLDs) and country-specific domains (.us, .uk, etc.)
• Copyright: if your business has any eligible creative assets (both physical and digital) like product design, logos, etc., register their copyrights.
• Patents: if your product uses any innovative technology you’ve invented yourself or sufficiently unique designs, you can register them for patents. 

2. Pay attention to domain expiry dates 

A common method used by cybercriminals in creating fake websites is to register expired domain names that are not renewed by their legitimate owners. 

So, make sure to renew your domain names before their expiry dates to avoid them from being exploited.

You may also want to check with your domain name registrar or hosting provider whether they offer domain ownership protection. With this protection in place, you can retain ownership of the domain name even if the domain name has recently expired, which can add an extra layer of protection for your business. 

However, even if they don’t offer protected registration, typically, credible hosting providers will send you multiple notifications and reminders before the domain name’s expiry date, so you should have enough opportunities to renew the domain name.

Yet, be aware of scenarios like when you are not sure whether to continue the business or when you decide to rebrand your business with a new name. In such cases, you might not be sure whether to renew the domain name.

As a general rule of thumb, if you are not sure, it’s best to renew the domain name first rather than to be sorry later. A domain name should cost you no more than $10 to $20 per year, which is much more affordable than the potential damage when the domain name is used by cybercriminals.

How to report and take down illegal sites: step by step

So, what are your options if you’ve identified illegal sites impersonating your brand?

Below, we’ll share a step-by-step guide you can use to report these illegal sites and take them down:

Step 1: Evaluate the situation 

Above anything else, don’t panic, and start by gathering as much information as you can about the illegal site:

• Confirm whether the illegal website is indeed impersonating yours with malicious intent or if it’s just a coincidence.
• Identify the registrar of the domain name impersonating yours. There are various WHOIS lookup tools you can use for this purpose. If possible, also identify the host of the website’s servers and the identity of the scammer.
• Identify any contact information (phone number, email address) of the illegal website’s owner. You’ll need this to contact them later.

Ideally, you’d want to identify the identity of the website owner or domain registrant, but if you can’t, that’s okay, and you can move on to the next step.

Step 2: Evidence gathering

If you’ve confirmed that this illegal site is impersonating yours in bad faith, then the next step is to gather evidence of the malicious intent.

You can start by collecting screenshots (with timestamps) of at least the following:

• Domain name (URL)
• IP address or addresses
• Logos, brand name, and any brand elements that may be a violation of any copyright/trademark/patent you own
• Pages and content that are similar to those published on your site
• Proof of fraudulent activities (i.e., phishing scheme, testimonials from victims, fake product listing, etc.)

There are also tools and solutions that can help you in gathering these pieces of evidence, so leverage them as much as you can. The more evidence you can gather, the easier it will be to present the case to take down this illegal website.

Step 3: Contact the website owner

Before reporting the illegal site to relevant authorities, we’d recommend trying to contact the website owner first and confront them about the situation.

There’s always the possibility that they didn’t have any malicious intent and may be willing to close/transfer the website and domain name on your request.

Another possibility is that the fake website owner is looking to sell the domain name to you (the legitimate owner of the trademark) and make some money off it. In such cases, if the price is fair, although not ideal, it’s probably better to make the purchase and move on, rather than having to deal with lengthy and potentially more expensive legal processes to reclaim the domain name.

Step 4: Reporting

The next step after you’ve gathered the relevant pieces of evidence is to report the fake website to the relevant parties, including but not limited to:

• Google and the other search engines: if you have collected enough evidence that the illegal website is infringing your trademark/copyright and is engaging in criminal activities (i.e., selling fake products, phishing,) then you should file a report to Google’s safe browsing team, as well as other search engines like Bing. This is to make sure the site is penalized and won’t appear on search results so it can’t attract more potential victims.
• ICANN: if you have a registered trademark for your domain name, you can file a complaint under the UDPR (Uniform Domain-Name Dispute Resolution). With a successful UDPR filing, you can get the domain name canceled or transferred to you.
• Domain registrar: report the situation to the domain registrar to whom the website is registered. Some fraudsters may register the domain under your business or personal name, and in such cases, you can file a report to ICANN and ask them to de-list the domain name (or transfer ownership to you.) Some considerations:
  • If the website is a Top Level Domain (TLD), for example, if they are using .com, .org, or .net, then you can report to ICANN here.
  • If the website uses cc TLD (country code TLD) like .us, .uk, and so on, then you can check this list and contact the domain registrar of the relevant country used by the fake website.
• Payment gateway and credit card network: if it’s an ecommerce website involving transactions and payment processing, then you can contact the payment gateway companies (i.e., Paypal, Venmo, etc.) as well as credit card companies like Visa and Mastercard so they can block this website from making future transactions.

When filing your reports to these institutions, it’s best to include:

• Your accurate business name, as well as complete and accurate contact information (leave a PIC’s contact information if possible)
• All evidence you’ve gathered in the previous step
• Concise but clear explanation of the situation
• The desired outcome you’d like from filing the report (i.e., blocking transactions, cancellation/transfer of domain name, etc.)
  

In general, here are the steps you should follow:

1. Prepare a DMCA (Digital Millenium Copyright Act) notice, and then send an official cease and desist letter to the domain registrant or the admin of the illegal website.
2. If you don’t get any response, then send the letter to the domain registrar of the website.
3. Next, send the letter to the CMS platform of the fake website. Typically these websites won’t be made from scratch and will rely on CMS platforms like WordPress, Shopify, Wix, or others. If you can provide enough evidence, it’s likely that these platforms will cooperate with you and take down the website.
4. If the domain registrar or CMS platform didn’t give any response, then send the letter to the hosting provider. Hosting providers are typically required to comply with strict regulations and are more likely to be more cooperative in taking down the website if you can prove the occurrence of malicious and/or criminal activities. 

Note: when reporting to Google requesting the removal of the illegal website from the SERP, keep in mind that Google receives a huge pile of DMCA takedown requests every single day, so it may take a while before they get back to you, up to a week. Providing complete evidence and proof of ownership (i.e., your registered trademark) can help speed up the process.

What’s next

Illegal sites impersonating yours can be a major threat for any business with an online presence and can cause long-term or even permanent damage to your reputation and credibility. 

While taking down all these illegal websites on the whole internet is fairly impossible to do (and not worth it), the actionable tips we’ve shared above can help you to report these illegal sites and legally take them down, protecting your brand’s integrity in the process.

This is where partnering with a professional Fake Domain Takedown Service can significantly help your business. Services like Red Points can leverage state-of-the-art technology to conduct real-time domain research, so you can use your time to focus on your core business tasks and grow your business instead.