Profile image of %s Dom Tripodi

Dom Tripodi

Aug 20, 2024

Someone Copied My Website - What can I do?

You’re not alone. As your website increases in popularity, so does the target on your back. A very common issue I have recently seen is scammers copying a website, making it look identical and tricking customers into fake purchases. Below are a few steps you can take to fight this issue.

Please note: Basecamp has been used purely as an example domain and this is not a reflection on their company. Separate to this, Basecamp actually provide an excellent service that we utilise ourselves.

1. Ensure the website really did copy you

I have had clients claim a website copied them but it was just a competitor in another country wholesaling from the same supplier. There is no crime for competitors to sell the same wholesaled product with similar imagery that the supplier provides.

Look deeper at the websites contact information, about page, collection descriptions etc. and identify if there is copied text/images.

2. Search WHOIS to find the owner/registrant

There are many WHOIS tools you can use but you can just use the link in the title above to whois.com.

WHOIS is a protocol that queries databases which store information about an internets resource’s registered users or assignees.

Essentially, we are able to get further information on the registrar, name servers and abuse contacts.

3. Find the registrar and servers being used

The registrar should be one of the first snippets of information you see, along with any associated name servers.

The GOAL here is to identify as many points of contact possible to report the scammer to.

In this case, I can see that Basecamp utilises Cloudflare servers given the registrar is CloudFlare, Inc. and the name-servers belong to a sub-domain of cloudflare.com. We can also see that the raw data shows the registrar url as https://www.cloudflare.com.

4. Find the abuse contact email

You should also be able to find abuse contact details. These are contact details of the service provider that will listen to complaints.

We now should have the details of:

  • Registrar: The service used to register the domain.
  • Servers: Any related servers associated with hosting the domain.
  • Abuse Info: Contact information to send complaints for this domain.

5. Report the scam website to the registrar

You must notify the registrar that this domain is a scammer and provide proof with a few screenshots.

In this case the abuse contact would be [email protected].

Please note, the domain registrar may say that this is out of their scope but there is absolutely no harm is alerting them.

No one wants to be associated with representing scammers.

You need to write an email similar to:

Hi Abuse Team,

I run a business in (insert location) that is called (insert your business name). The real website can be found here: (insert your business URL)

A domain registered under you called (insert scammer domain) has scraped the site, ripped all of the information off and replaced (insert your business name) logo with their own.

We had a regular customer from our store report the website to us as they made a purchase off of the scam site - this is really bad.

Can you please action this immediately so we do not have any further customers being scammed.
(Attach screenshots of scammer site and your business site if available)

The most important part of this email is to clearly state who your business is, who the scammer is, how your customer or client has been scammed and that you want this actioned immediately.

6. Report the scam website to the hosting provider

It is important to report the scam not only to the domain register but also the hosting provider.

Again, in some cases they may state that this is not their responsibility but I repeat - no one wants to be associated with representing scammers - and alerting them does not hurt your cause.

In this case, I can see the registrar CloudFlare, Inc. is also the server hosting provider. Therefore I don’t need to complain any further.

If the server host and registrar are different, write into Google “Report a phishing website to (insert server host name)”. Most hosting providers have pages dedicated to reports.

7. Report the scam website to Google

Google have a direct page you can access to report phishing sites. If you did not know, this type of scam where a person pretends to be a reputable source in order to steal information is the definition of phishing.

Ensure you provide Google with the correct scammer URL and then put all your relevant information in the Additional details about the phishing violation field.

8. Follow up your reports

Do not hesitate to follow up your email if you have heard no response after several days.

I do not recommend spamming the service provider as this is not professional, however, a courtesy follow up is generally understandable.

Summary

If you run a website online then you are at risk of being imitated or copied. It is terrible and unethical but also becoming a common reality.

The best form of defence you have is to stay diligent and report the scammer to every relevant authority.

These are steps I follow myself as a bare minimum but I don’t guarantee it will result in success.

For the reader, I wish you luck in taking down the scammer and if you need any further assistance or consultation, feel free to reach out to me through our contact page.