A website impersonation attack (also known as website cloning or domain impersonation) occurs when a cybercriminal or hacker uses a forged version of your website or domain to lure your customers into visiting a fraudulent website.
With the increase in online business, website impersonation can be deemed as one of the easiest forms of cyber attacks. A common type of website impersonation attack is typosquatting, where an attacker uses a close variant of your domain name for impersonation (For example, bewiica.com instead of bewica.com). This domain can then be set up as a fake website to lure your customers into visiting.
To reduce the risk for your customers, it can be a good idea to pre-empt typosquatting attacks by registering common variants of your domain beforehand and to look out for any domain registrations that might look similar to your website.
Bewica's website cloning detection tool, included in our Level 2 subscription (Advanced Security) scans the web for registered domains that look similar to your own or reuse your own website's content. Whenever a potential impersonation or clone is detected, we notify you by email, enabling you to take prompt action to reduce the risk this potential impersonation poses.
Collaboration is always the key to avoid clients from being directed towards fraudulent websites. Our website impersonation tool not only assists you in identifying impersonating websites but can also help you in reporting them. Here are the best practices to take when you identify potential impersonations:
It is important to know if these suspicious websites are impersonating you and committing fraud. Some website may be legitimate while others may be a fraud. Before taking further action make sure that the other domain is involved in fraudulent activity. On the Bewica platform, we provide you with screenshots of the website to prevent you from visiting potentially harmful websites.
On confirming a website as an impersonation it is important to collect evidence regarding the fraudulent activities. Evidence may include but is not limited to:
After compiling all necessary details the next step would be reporting. On the Bewica platform, if you confirm that the website is suspicious, then we provide you with the relevant reporting options.
The first point of contact varies depending on whether the website’s domain is a Top Level Domain (TLD) or a country code TLD (ccTLD):
You can contact these registrars either via email or phone. Most registrars also offer an online reporting portal which can be used to lodge complaints of domain abuse.
It is also encouraged to report such cases of domain abuse to the designated authorities in the country who handle such cases. A specific portal for most European countries can be found here (https://www.europol.europa.eu/report-a-crime/report-cybercrime-online).
A report should contain:
If you feel that the impersonation is a real threat to your customers or employees, we recommend communicating with them to make them aware of the impersonation and to ensure that they are careful when browsing.
Continue to monitor the website and check if it continues to be a threat to your organisation. The Bewica portal continuously monitors any potential impersonations and emails you when we detect one that might require your attention, this website cloning detection service is included in our Level 2 (Advanced Security) subscription. Don't wait for an attack to happen. Start protecting your website today and create a free account of Bewica.