The situation: You have a business website. A scammer copies it. They use your images. Your text. Pictures and names of your people. Their fraudulent site looks just like your real site. Indeed, their crime starts with website “spoofing,” and it usually involves a spoofed URL—similar to your real URL.
The need to act: Now, what are you going to do about the fake website? You must act quickly! Some fake websites are operated for only a few hours—creating immediate havoc with long term consequences—before the scammer moves on to the next target. More than one million fake websites are created every month, causing billions of dollars in losses every year. You must act immediately to protect your business and your customers.
Take down the cybercriminals
As a wrestler, I like takedowns. Even better, I like to proceed to a quick pin, which wins and ends the match instantly. The same approach applies in dealing with scammers. One must know the moves—the attacks and the counters—and one must execute swiftly and surely.
These scams and spoofs are not games. The scammers are committing big-time fraud, which is both a crime and a tort. Most of these rackets are run outside American borders, under aliases, and it’s hard to find the scammers, let alone apprehend and prosecute them. Nor will you want to wait for a final judgment to be rendered in the ordinary course of civil litigation.
According to the U.S. Department of Justice, losses to the global economy from all forms of cybercrime are measured in the millions of dollars per minute—in the trillions per year—and they’re still increasing rapidly.
The FBI receives complaints. You should file one—it can’t hurt—but don’t rely on the Bureau to prevent or take down the fake website. They have their hands full with scores of most-wanted cybercriminals, and there must be a thousand times as many active scammers whose frauds have not yet earned them a place on the most-wanted list.
For purposes of this article, we’re concerned mainly with minimizing losses to you, your business, and your customers. You will need to take the initiative to stop any current Internet fraud and to prevent it from occurring or reoccurring.
3 steps for cybercriminals to spoof your website
In a flash, scammers typically make a few small yet significant changes to your content:
- They register a domain name, adopting a spoofed URL, that may differ only slightly from yours;
- They copy your code—names, images and all—and make slight changes to phone numbers and email addresses; and
- As impostors, they start to present themselves as you on the internet and in emails.
Now, web and email traffic, inquiries, confidential information, and orders intended for you are diverted to the scammers.
4 reasons scammers copy your website
Internet scammers, including those who present fake websites, can have any number of nefarious motives. They might be:
- Holding you up to pay them to transfer the fake domain name to you;
- Siphoning sales from you and delivering fake merchandise to your customers;
- Phishing for confidential information like social security numbers, account numbers, passwords, or medical records for their own illegal use or sale anywhere, such as on the “dark web”; and/or
- Committing financial crimes—stealing money from you and your customers.
One thing you can be sure of: The scammers are up to no good. And their fraud committed in your name is bad for your business.
Your company’s website could be spoofed
You think it couldn’t happen to you? Think again. It costs about $10 to purchase a domain name from a registrar, and it takes only seconds to copy a website’s code. Stolen images and fake websites abound. Top fashion brands are popular targets. We handle such cases in federal court. But even lower profile businesses—perhaps your company is in this category—can be unsuspecting, making easier targets.
Big tech firms like Facebook, Apple, and Google, and financial companies like Chase and Wells Fargo, are targets of fake website scammers. So are luxury brands like Tiffany and Ray-Ban.
Some of the most sophisticated M&A law firms in New York, and their corporate clients, have been victimized by fake website scammers. The ABA Journal suggests that the scammers were sniffing for M&A deal information. Perhaps they were seeking to reap illegal profits in the stock market based on inside information.
Smaller businesses and law firms also are targets.
Ultimately, if you have any kind of successful business, you are a target for a fake website scammer.
We have dealt with fake website frauds—nipped them in the bud—on behalf of our clients.
7 steps to take against a scammer who copies your website:
In short, call your intellectual property (IP) lawyer—with specific experience in handling domain name disputes—who can act quickly to take the following key steps on your behalf.
- Quickly gather and assess the facts. See if you can identify the scammers behind the fake domain name. Unfortunately, the scammers are probably hiding their true identity, which they are permitted to do, for the sake of “privacy.” Next best: Identify the registrar of the fake domain name and the host of the fake website servers. This involves use of a WHOIS lookup, which is “not at all intuitive,” as admitted by Internet Corporation for Assigned Names and Numbers (ICANN), the organization responsible for managing the Domain Name System (DNS).
- Create a record of the fraud. File a complaint with the FBI and your local police department. As with most internet content, a simple click can make the fake website and all of its contents disappear without a trace. A record of the fraud will become useful.
- Prepare and send a Digital Millennium Copyright Act (DMCA) notice and takedown request to the host of the fraudulent website, especially if they’re in the U.S. Here again, the scammers are probably devious enough to use a host located outside the U.S., i.e., beyond the reach of the DMCA, which is a U.S. statute.
- Send a request to Google informing them of the copyright infringement and asking that they remove the scammer from their search results. This might take a few days or more—they receive over a million DMCA takedown requests every day. Needless to say, the first thing Google looks for is a complete DMCA request, including proof that you are the copyright owner. Don’t give the scammers precious time to steal from your business or your customers.
- If you have a trademark, you can prepare and file a complaint under the Uniform Domain-Name Dispute-Resolution Policy (UDRP) with ICANN. A complainant in a UDRP proceeding must establish likelihood of confusion between the fake domain name and your trademark and that the domain name is being used in bad faith. (If you haven’t registered your trademark, you should do so.) Successful claimants in a UDRP action can have the fake domain name transferred to them, so they can shut it down and prevent further fraudulent use.
- These steps probably will suffice to shut down the particular fake website—the specific URL— and, depending on the situation, maybe that’s all you need. But they won’t necessarily stop the scammer from popping up with another URL, and they won’t recover damages or legal expenses. For that kind of relief, we can file a complaint in federal court to obtain a restraining order and freeze accounts.
- Take action to prevent or deter future scams. Watch for trademark filings and domain name registrations. We set up these kinds of watches for our clients. Monitor activity on social media. Consider using Google Alerts to identify references to your company and your brands, including competitive or fraudulent activity.
In sum, shut the fake website down. Score a quick takedown. Pin the scammers. As you can see, you might need an IP lawyer to take the right steps quickly and surely. Call us. We can help you nip the fraud in the bud.