Calendar white icon
Monday, January 25, 2021

Website impersonation: what to do when a cyber criminal impersonates your organisation through website cloning

What to do when a cyber criminal impersonates your organisation through website cloning.

What is website impersonation or website cloning?

A website impersonation attack (also known as website cloning or domain impersonation) occurs when a cybercriminal or hacker uses a forged version of your website or domain to lure your customers into visiting a fraudulent website.

With the increase in online business, website impersonation can be deemed as one of the easiest forms of cyber attacks. A common type of website impersonation attack is typosquatting, where an attacker uses a close variant of your domain name for impersonation  (For example, instead of This domain can then be set up as a fake website to lure your customers into visiting.

How to prevent website impersonation / website cloning?

To reduce the risk for your customers, it can be a good idea to pre-empt typosquatting attacks by registering common variants of your domain beforehand and to look out for any domain registrations that might look similar to your website.

Bewica's website cloning detection tool, included in our Level 2 subscription (Advanced Security) scans the web for registered domains that look similar to your own or reuse your own website's content. Whenever a potential impersonation or clone is detected, we notify you by email, enabling you to take prompt action to reduce the risk this potential impersonation poses.

What do if you become victim of a website impersonation attack?

Collaboration is always the key to avoid clients from being directed towards fraudulent websites. Our website impersonation tool not only assists you in identifying impersonating websites but can also help you in reporting them. Here are the best practices to take when you identify potential impersonations:

1. Confirm

It is important to know if these suspicious websites are impersonating you and committing fraud. Some website may be legitimate while others may be a fraud. Before taking further action make sure that the other domain is involved in fraudulent activity. On the Bewica platform, we provide you with screenshots of the website to prevent you from visiting potentially harmful websites. 

2. Collect 

On confirming a website as an impersonation it is important to collect evidence regarding the fraudulent activities. Evidence may include but is not limited to:

  • Screenshots and timestamps associated with screenshots.
  • Any consequence of impersonation like the violation of any copyright or trademark policies (which includes which policies were violated, what goods or services were associated with the infringed trademark, details of the organisation owning the copyright or the trademark) or fraud committed for monetary gains or access to confidential information (include abusive domain screenshots, paid invoices...etc.).
  • The website’s domain name, IP addresses, URL (always present URL’s in a non-clickable form)...etc.

3. Report

After compiling all necessary details the next step would be reporting. On the Bewica platform, if you confirm that the website is suspicious, then we provide you with the relevant reporting options. 

The first point of contact varies depending on whether the website’s domain is a Top Level Domain (TLD) or a country code TLD (ccTLD):

  • For a TLD, for example, .com, .org or .net, the first level of reporting should be done at the registrar or hosting provider level. In case the registrar is unresponsive a complaint can be lodged with the ICANN at
  • In case of a ccTLD like .uk, .us, .es, .co etc. ICANN maintains a repository which contains details regarding the registry handlers of different countries which can be found at Any issue with such domains should be taken up with them.

You can contact these registrars either via email or phone. Most registrars also offer an online reporting portal which can be used to lodge complaints of domain abuse.

It is also encouraged to report such cases of domain abuse to the designated authorities in the country who handle such cases. A specific portal for most European countries can be found here ( 

A report should contain:

  1. All the evidence.
  2. Contact details of your organisation.
  3. An explanation of why you think the website/domain is a potential impersonator.
  4. The desired outcome from reporting the abuse. For example suspension or termination of the illegal website, legal action etc.

4. Communicate 

If you feel that the impersonation is a real threat to your customers or employees, we recommend communicating with them to make them aware of the impersonation and to ensure that they are careful when browsing.

5. Monitor 

Continue to monitor the website and check if it continues to be a threat to your organisation. The Bewica portal continuously monitors any potential impersonations and emails you when we detect one that might require your attention, this website cloning detection service is included in our Level 2 (Advanced Security) subscription. Don't wait for an attack to happen. Start protecting your website today and create a free account of Bewica.

Mariyam Koshy
Cyber security analyst
Linkedin Icon - black background