What to do about a spoofed web site that isn't obviously fraudulent?
February 12, 2008 9:13 AM   Subscribe

I just found out our web site is being spoofed. The site is outdated (we've made major changes since this was copied) but they've gone so far as to create a similar logo with a similar name as our organization (and the URL is also similar). At first I thought I'd find evidence of credit card phishing when I clicked on the donate links, but surprisingly, they still go to our real donation page (outside vendor) or to a 404. The only thing I can really see that might be the benefit is some links on the homepage that link to outside sites (ad revenue? search rankings?) and possibly e-mail harvesting if anyone actually clicks on the mailto links. Also, some of the links on the homepage are just anchor links. Is that worth a spoofed site? Is there something else that might be going on? And most importantly, what can we do about it knowing that all the domain registration info for the site is bogus (aside from the person's name, all the contact info is our own).
posted by unsigned to Computers & Internet (8 answers total) 1 user marked this as a favorite
If all the contact information on the registration, except for an individual's name, points to your company, you ought to be able to get control of the domain, which means you can re-point it to your actual site's servers, which would fix the problem.

As to why, it's hard to tell. Maybe it's a work in progress. Maybe it's even a relic of your own operation, parked by a designer on some outside server.
posted by beagle at 9:35 AM on February 12, 2008

you ought to be able to get control of the domain -- I meant to add: by contacting the URL registrar, like NetSol, GoDaddy, whoever it is.
posted by beagle at 9:37 AM on February 12, 2008

It's probably SEO.
posted by Steven C. Den Beste at 9:39 AM on February 12, 2008

Having dealt with this stuff before, know that the domain registration is not the avenue of pursuit you need to take if you want a site down. Most registrars won't lift a finger to help unless there's something patently and massively bad.

You need to address this with whomever is hosting this website. Use a site like DNSStuff to determine where the website is hosted, then contact the hosting provider's abuse department via email or phone. Explain to them that your site is being phished, give them the URL of your livesite and the fakesite, and make it very clear why you think this site should be brought down.
posted by phredgreen at 10:30 AM on February 12, 2008

i'm thinking simlilar to beagle, here. if the bogus site's registration info is the same as the real company's, couldn't you just tell them that X contact at your company has left, and update the bogus DNS to point to your real site?
posted by ArgentCorvid at 10:34 AM on February 12, 2008

Yes, take control of the domain. The registrar will have you fax/send a letter on company letterhead and maybe some other hoops to jump through, then you won't have to deal with it anymore. Plus, you might get extra traffic and/or donations out of it!
posted by rhizome at 10:59 AM on February 12, 2008

...after you point the domain at your existing site, that is.
posted by rhizome at 11:00 AM on February 12, 2008

beagle's suggestion all depends on who or what is listed as the registrant of the domain.

If the company name is listed as the domain's registrant, you're golden. You can take a claim to the registrar and snap it up with a few forms/documents.

If the knucklehead's name is listed as the registrant, you might be able to make a copyright claim on the domain name, but that's iffy and gets complicated.

admin/technical/billing/zone contacts don't matter in this process.
posted by phredgreen at 11:01 AM on February 12, 2008

« Older Which scientific journals to search for global...   |   Is Continental going to punish me for evading... Newer »
This thread is closed to new comments.