COVID-19 Products and Support Update September 18, 2020, see more information here. View PPE Products

What Happens If Your Website Is Spoofed?

Steps to quickly address the reputational risks of this internet hoax

It has happened close to home; Wisconsin Banks have experienced the event known as website spoofing that resulted in customers receiving emails that appeared to come from the bank, but were part of apparent malicious activity related to the copy of the institution’s website. 

Website spoofing is the act of creating a copy of a website as a hoax or potentially using theft of the images from the real site, or this may simply be mimicking your website to appear real and send out malicious (phishing) emails in an attempt to gather information. In either case the spoofing website potentially could contain copyrighted material. The intent could be of simply misleading readers attempting to perform malicious activity such as theft of customer credentials, or simply an abuse to the reputation of the impacted institution with unflattering comments or pictures. Normally, the spoofed website will adopt a very close design from the target website and may have a very similar URL, often using a spoofed website URL that has only a letter or two changed.

A more sophisticated attack results in the attacker creating a "shadow copy" of the "www" by having the victim's traffic go through the attacker's machine, causing the attacker to be able to obtain the victim's sensitive information.

Spam, Copyright, Trademark, Morally Objectionable Content, Political Bias and Defamation Complaints can all be part of what you are experiencing. If you believe the domain using your services is engaged in spam, abuse, or any illegal or unlawful activity you will want to take action quickly. 

The Digital Millennium Copyright Act (DMCA) (www.copyright.gov/legislation/dmca.pdf) criminalizes the act of circumventing an access control, whether there is actual infringement of copyright itself or not. A DMCA takedown notice is sent by a copyright holder to a web host or hosting registrar, requesting removal of infringing content or take down/blocking of the offending URL. DMCA identifies that a hosting company must remove content from a user's website that may appear to constitute copyright infringement after the host receives proper notice or the host loses safe harbor and can be sued. Material does not need to be registered with the U.S. Copyright Office in order for you to request a takedown. It is possible to take action on what the law already supports. Consider involving legal counsel when taking these types of actions. When the incident involves other countries; legal action may be very difficult to enforce.

There are really quite simple steps required to request a takedown and stop the offending actions.

  1. Take screenshots of the infringing site, and document the URL.
  2. Locate the website's host.
  3. Determine the Copyright Agent.
  4. Draft the takedown notice.
  5. Reach out to the registrar and/or to the hosting company, inform them of your copyrighted material on the spoofed site, any other malicious activity (phishing) or problems (reputation issues), and the site will hopefully be taken down promptly.

WhoisProtectService.net is an example of a service that can assist with the takedown process. They are a provider of domain names, registration privacy, and proxy services. The company has been involved in the domain name registration business for many years. WhoisProtectService.net registration privacy service conceals your domain's public WHOIS record, containing your actual contact and personal information, from common harassments such as spammers, scammers, stalkers, telemarketers, identity thieves, and any other third parties who might be using your personal and contact information without your consent.

Another source to consider for assistance and place that the issue should be reported to is the Wisconsin Statewide Intelligence Center (WSIC) at www.wifusion.org, cybercrimes@doj.state.wi.us or call them at 888-DCI-WSIC (324-9742).

There are also very good resources available from the Anti-Phishing Working Group's sponsoring members that can be found at https://apwg.org/sponsor-solutions. And of course you can always reach out for assistance from FIPCO using email address itservices@fipco.com or visit the resources web page at; www.fipco.com/itresources.