Fake websites on the rise: what to do when fraudsters imitate your business
Fake websites are becoming more prevalent, and the fraudsters’ tactics are becoming more sophisticated. Here’s what you should consider if you come across a scam website which imitates your business.
It is more than likely that your email inbox in the last few weeks (if not months!) has been bombarded with an avalanche of sales promotions with promises of heavy discounts, from skincare products, home appliances, sporting equipment and apparel to electronics and children’s toys.
Promotions like Black Friday, Cyber Monday, Click Frenzy and (the once unthought of) “pre-Christmas sales” are now some of the biggest shopping events in the calendar year. In recent years, the popularity of these events and the size of the discounts have often surpassed the previously unrivalled Boxing Day sales.
Against this backdrop of mega sales and budget-conscious shoppers, internet scams are on the rise. In particular, we are seeing more and more fake or scam websites popping up across the web. These websites seek to divert website traffic from legitimate retailers to the scam website and mislead consumers as to the trade source of the goods and/or services.
At a glance, the fake website can appear legitimate, and at times, it can be hard to differentiate between a scam website and a legitimate business’ website. The fake websites are often linked to domain names which appear legitimate (like “www.shop[mybrand].store” or “www.[mybrand]sale.com”) and use official logos and photographs taken from the genuine website.
This has happened to my business! What should I do now?
If you become aware of a scam website that is imitating your business, it is important to act quickly. In many cases, it will be appropriate to consider the following steps.
1. Try to identify who is operating the website
If accessible, you should try to obtain the details of the third party that has registered the domain name where the scam website is located. In many cases, the fraudsters will have hidden their identity. However, if you can find a contact email address (either via a “Whois” search or on the website itself), lawyers can send a letter demanding that (among other things) the website be deactivated.
2. Send a take-down notice to the website host / registrar
Fraudsters (as is their nature) might ignore a letter of demand. If so, you can send take-down notices to the website’s host and/or the registrar of the domain name. These are invariably legitimate businesses themselves, with policies in place which prohibit (among other things) their domain name registry / website hosting service from being used for nefarious purposes.
Even if your lawyer’s letter of demand (see step 1) is ignored, sending such a letter in the first instance helps to show third parties like domain name registrars that you have tried to deal with the issue independently before involving them. In our experience, this can improve the prospects that the registrar will take-down the website promptly.
3. Try to secure the offending domain name
Sometimes the website will be taken down promptly. Sometimes it won’t. In any event, while the domain name is registered in the name of a third party, there is always the possibility that it could be reactivated (or transferred to their equally dodgy cousin) and used to harm your business in the future.
To prevent this, it will often be worth seeking to have the domain name transferred to your business. This can be achieved by filing a Uniform Domain Name Dispute Resolution Policy (UDRP) complaint.
Filing a UDRP complaint can also deliver ancillary benefits. Where a domain name registrant has hidden their details so that they are not visible upon a “Whois” search, those details are disclosed to you after you file a UDRP complaint. If this enables you to identify the person or entity behind the unlawful conduct, it may be possible to take further enforcement action against them. For example, where justified based on the location of the person / entity and economics, court proceedings to recover compensation arising from the unlawful conduct can be considered.
4. Deal with associated social media accounts
Where fraudsters are operating a fake website, they will often also be operating fake social media pages / accounts which link to the website. Social media platforms generally have policies and processes regarding IP infringements being committed (or facilitated) via their platforms. We regularly assist our clients to prepare and submit complaints and takedown requests to those platforms in order to have the offending material removed and/or have the offending accounts disabled.
How can I stop this from happening again?
Trying to stop fraudsters from targeting your business might, at times, feel like a game of “Whack-a-Mole”. However, as unethical as their conduct might be, fraudsters can be surprisingly logical folk. Like legitimate businesses, concepts like “opportunity cost” and “return on investment” are also relevant to fraudsters. This means that if you can make it more difficult, costly and time consuming for fraudsters to target your business, they might just move onto someone else and leave you alone.
With this objective in mind, here are some things you might consider.
1. Adopt a “defensive” domain name strategy
Rather than only reacting when problems are identified, you might consider buying up as many domain names that include your key brands as possible. This kind of “defensive” domain name strategy can be an excellent, proactive way to prevent and deter these types of scam attempts.
2. Maintain a regular watch
In addition to selling more widgets, you might consider instructing someone in your marketing team to maintain a regular online watch to monitor for scams involving your business. This can help to identify fake websites as early as possible, and before they have done much harm to your business or brand.
3. Make sure your trade marks are registered
Speaking of brands, it is critical to ensure that your brands are properly protected. This is done by ensuring that you have trade mark registrations for all of your business’ brands, and which cover the goods and services for which they are used. You should also make sure that your trade marks are registered in all of the jurisdictions in which they are used. Otherwise, you make it much easier for sophisticated fraudsters to target your business, and it is much harder to deal with fraudsters when they are identified.
Tips and tricks for consumers to spot a scam website
Finally, for consumers, here are a few useful tips and tricks you can use to spot a scam website:
- Unusual website URL: Be wary of unusual website URLs which may include the purported retailer’s name (or a variation or slight misalignment of the retailer’s name) with the addition of an unnecessary, or descriptive word such as “shop”, “cheap”, “sale” or “buy”.
- The price: If the price seems too good to be true, it probably is. Be mindful when the seller is creating a sense of urgency to purchase the product, ie. that it is a “once in a lifetime offer” or the products are sold “for a limited time only”.
- Spelling, grammar, odd formatting and key information: Does the website have Terms and Conditions? Is there an About Us or Contact Us section? If you notice contradictory information on the website, or multiple spelling and grammatical errors in key documents such as the Terms and Conditions and/or Returns Policy, this can be a red flag. Similarly, if you read the fine print and it appears generic or filled with errors, then chances are that the website is not legitimate.
- Payment method: If you notice that the website is only accepting payment in the form of a direct debit bank transfer, money order or through virtual currencies, you might pause and reconsider the purchase. If the website is indeed a scam website, it could be very difficult (or impossible) to get your money back.
- Look for the symbol next to the website URL: Always look to see if the website uses the padlock symbol next to the top left-hand side of the website URL. This can indicate that the website is secure. However, caution should still be exercised even when websites use the padlock symbol as it cannot be relied upon completely. It is still possible for scammers to get fake security certificates which enable them to use this symbol.