This article contains links to third party websites, CSC is not responsible for the content of these sites.
With the internet becoming an integral part of our daily lives, it is essential to recognise and understand the existence and impact of these fraudulent online platforms. Copycat websites, as the name suggests, are deceptive replicas of legitimate websites that mimic their design, content, and functionality, often with malicious intent.
From imitating popular e-commerce platforms to masquerading as reputable financial institutions or government agencies, these copycat websites aim to deceive unsuspecting visitors into providing sensitive information, such as personal details, financial data, or login credentials. The consequences can range from identity theft and financial loss to reputational damage for the original website and loss of trust among consumers.
Why can’t you just take the website down?
While it may seem simple to 'take down' a website, the process is often more complex due to various technical and legal considerations. Here are a few reasons why it is not easy to simply take down a website:
Ownership and jurisdiction: Websites are owned by individuals, organisations, or businesses, and they have certain legal protections. To take down a website, you need to establish legal authority and jurisdiction over the website's owner, which can be challenging, especially if the website is hosted in a different country with different laws.
Distributed nature: Websites are distributed across servers and networks, making them resilient to single points of failure. If you want to take down a website, you need to identify and target all the servers hosting the website's content, which can be a complex task, especially if the website is replicated across multiple servers or hosted on a content delivery network (CDN).
Legal considerations: Taking down a website typically involves legal processes. If a website is involved in illegal activities or infringing on intellectual property rights, the affected parties may need to pursue legal action, obtain court orders, or collaborate with law enforcement agencies to initiate takedowns. This process can be time-consuming and requires sufficient evidence and legal grounds.
Mirroring and backups: Websites can have backups or mirrored copies in multiple locations. If you manage to take down one instance of a website, there may be redundant copies available that can quickly be restored, making your takedown efforts temporary or ineffective. Taking down a website once does not mean it cannot just be replicated and hosted elsewhere.
Freedom of expression: Websites that operate within legal boundaries and promote freedom of expression, even if their content is controversial or objectionable, are protected by laws and regulations. Governments and organisations must follow due process and respect the principles of free speech before taking down such websites.
It is important to note that attempting to take down a website without proper authorisation or legal justification is generally considered illegal and unethical.
What to do?
Before you start the process of getting a website taken down, it’s important you document everything, this is anything from your legitimate website and any proof you are the legitimate organisation to spelling mistakes on the copycat website. This evidence will help support your case as you go to the next steps.
1. Contact the web owner directly
After you document everything, you can approach the website owner to remove the stolen content. However unlikely, they might acknowledge their mistake and take down the plagiarised content on their own.
There are a few easy ways to reach out to a site owner. You can start by looking for the contact information on their website. If you’re lucky, you’ll find several options like an email or the contact form. Plus, these methods of contact retain copies of the messages as proof.
If the contact details are not available on the site, you could turn to 'WHOIS' search platforms for the plagiarist’s site registration details. A simple Google search can give you a list of options to use. Some include:
https://www.domain.com/whois/whois
These sites should reveal pieces of information including the domain registrar, as well as the accompanying email address of the site admin. Often, criminals will list phoney email addresses or privatise their registration details to prevent public access. However, there are further actions you can take.
2. Contact the Registrar and Host
If contacting the website owner directly does not work, it’s best to contact the hosting company and registrar. Hosting companies do not want illegal content hosted on their servers so providing you have the evidence to prove the page is a forgery, they will take action.
You can find the domain registrar hosting company through the above ‘WHOIS’ search platforms, from here you should make contact with the company, providing evidence that their platform is used to host criminal activity. Large hosting companies will have a ‘Report Abuse’ form which can be used to report the infringement, if the infringing website is hosted with a smaller provider you may have to find an email or other contact form to report this through.
Takedown requests could take anything between hours to days or even weeks. Some less reputable suppliers may simply ignore requests.
3. Report the page to search engines
Alongside the previous two steps, you should report the infringing website to search engines. This avoids potential victims visiting the forged website organically, and means that people will only reach the website by directly going to the infringing URL.
Google and Bing (the two most popular search engines) offer reporting points in which they will examine the report and if they deem it valid remove it from there search results. The reporting points can be found here:
Note: this does not mean the website will be taken down, it simply means it may stop appearing on Google and Bing results.
4. Take legal action
If all options are a no-go, you may need to pursue legal action. This may be in the form of an official cease-and-desist letter to the offender or to the hosting company.
In the event that neither responds, you can then move into filing proceedings, but, this is an absolute last resort due to its extreme stress on your time and resources. If you’re considering this route, make sure the damages you are suing for outweigh the money the lawsuit will cost you.
5. Warn customers
Whilst an impersonation website is active, you should post warning on your existing channels where possible.
This includes your website, social media, and email. The actions above may take time to resolve and this period is where your customers may be scammed. By warning people as early as possible you may save some reputational damage for your organisation.
6. Report it to us
As one of our sources of threat intelligence, our Cyber Concerns reporting form provides us with up-to-date intelligence on the latest threats and scams reaching the Island. For us to keep you informed and keep you safe, it is important that we see as many of the scams and frauds that are happening on the Island, but we can only do this if you tell us about them.
These reported concerns feed into all our communications and are also disseminated to our network of partners including the NCSC.
If you are a regulated entity consider reporting the issue to your regulator.