How To Protect Your Brand From Fake Websites and Online Impersonation

We are observing a rise in fake websites offering investment-related services. Many of these impersonate well-known brands by creating replicas of their official websites. Unsuspecting visitors interact with these fake websites, fall victim to scams, and lose large sums of their hard-earned money. It is crucial for original brand owners to take immediate action against such fraudulent websites.

If someone creates a fake website pretending to be your business, here’s what can go wrong:

• People might visit the fake website thinking it’s yours. They could end up buying products or services, sharing their personal details, or making payments, all while thinking they’re dealing with you.
• If customers have a bad experience with a fake website, they’ll blame your business because they think it’s the real one. This can lead to negative reviews and loss of trust.
• The fake site might collect sensitive information like passwords, credit card details, or other personal information, putting your customers at serious risk.
• If the fake website does something illegal, like spreading malware or running scams, it could harm your business’s name, and you might have to take action to prove you’re not involved.
• The fake website might send emails or messages pretending to be from your business, tricking people into clicking malicious links or downloading harmful files.

The fake website might send emails or messages pretending to be from your business, tricking people into clicking malicious links or downloading harmful files.

Fake website impersonating your business is a serious matter and it needs immediate attention and action to address the situation. Many times, business owners are clueless about what to do if they end up in this situation.

Here’s a step-by-step guide to address the situation:

Step 1. Document the Evidence

Take screenshots of the fake website, including:

• URL
• Contact information.
• Any content that proves it’s an imitation.

Step 2. Get a hosting provider and domain registrar for the fake website.

To find the domain registrar of the fake website, you can perform a WHOIS lookup. This reveals details about the domain, such as its registrar, registration date, and hosting provider. Here’s how you can do it:

Use a WHOIS Lookup Tool

• Visit any reputable WHOIS lookup website, such as:

https://whois.domaintools.com/

https://who.is/

https://lookup.icann.org/ (ICANN’s official tool)

• Enter the URL of the fake website in the search box.
• Submit the query.

Analyse the Results

Look for the following information:

• Registrar: This is the company where the domain was registered (e.g., GoDaddy, Namecheap, etc.).
• Name Servers: Can indicate the hosting provider.
• Contact Information: Sometimes includes the domain owner’s details, unless privacy protection is enabled.

Automated Tools

Some advanced tools combine WHOIS and DNS information for better insights:

• MXToolbox
• Domain Dossier

Save the source code if possible and note down any suspicious details (hosting provider, etc.).

Step 3. Notify the Hosting Provider

• Use a WHOIS lookup service to identify the hosting provider and domain registrar of the fake website.
• File a complaint with the hosting provider, providing evidence of the infringement. Most hosting companies have an “Abuse” or “DMCA” reporting process.
• Request them to take down the website for copyright infringement and fraud.

Step 4. Report the Domain Registrar

• If the WHOIS lookup reveals the registrar, report the fake website to them directly.
• You can usually find a “Report Abuse” section on their website.

Step 5. Inform the Search Engines

Report the fake website to major search engines like Google and Bing:

• Use Google’s Safe Browsing Report for phishing or fraud.
• Similar tools are available for Bing and other search engines.
• Anti-Phishing Working Group (APWG): Report phishing sites to reportphishing@apwg.org. The APWG maintains a global database of phishing threats.
• PhishTank: Submit the phishing URL to PhishTank, a free community-based platform that verifies and tracks phishing websites.
• Many antivirus companies, including Quick Heal, McAfee, or Norton, have ways to report malicious URLs. Check their website for a “Report a Threat” section.

Step 6. Notify Local Authorities and Cybercrime Cells

• File a complaint with your local cybercrime unit or police. Provide all evidence of the fake website.
• In India, you can file a report at the National Cyber Crime Reporting Portal.
• Many countries have a Computer Emergency Response Team (CERT) for cybersecurity issues. For example, in India, you can report phishing websites to CERT-In at incident@cert-in.org.in

Step 7. Warn Your Customers

• Add a notice on your official website and social media platforms about the fake website.
• Clearly state the official URL of your business and warn customers to avoid other sites.
• Share your official contact details and encourage customers to verify before transacting.

Step 8. Use Anti-Fraud Tools

• Employ tools to monitor mentions of your brand name or domain (e.g., Google Alerts, BrandShield).
• Consider subscribing to cybersecurity services that offer domain monitoring to detect such threats early.

Step 10. Improve Website Security

• Use HTTPS for your official website to indicate trustworthiness.
• Display a clear trademark or copyright notice on your website.
• Implement unique features on your site that are hard to replicate.

Step 11. Spread Awareness

• Educate customers on how to identify your genuine website.
• Use social media campaigns and email newsletters to spread awareness about the fraud.