What is a fake website and why it matters
If you run an online store, there’s a real chance someone might try to copy it. Fake or fraudulent websites – sometimes called imposter sites or ghost stores – often mimic legitimate brands to trick customers into handing over personal information or money.
They can look incredibly convincing with the same branding, similar layout, even product photos taken directly from your site. Sometimes the only giveaway is a slightly different domain name.
These scams can:
- Capture customer data for phishing or identity theft
- Damage your brand’s reputation and credibility
- Cause financial loss through diverted sales
- Confuse customers and lead to negative reviews or complaints
- Cause your social media accounts – such as your Facebook page – to be restricted or taken down if frustrated customers report issues thinking they bought from your store
Protecting your brand from these fraudulent sites isn’t just about stopping scams – it’s about maintaining trust with your customers.
How to find out who’s behind the fraudulent site
Once you discover a website impersonating your business, your first step is to gather information.
Check the domain registration
Use a WHOIS search tool (like whois.com) to see:
- Who registered the domain (registrar and date). You can also check intoDNS for this information
- Where it’s hosted
- Whether contact details are public or protected
Even if the registrant’s identity is hidden, the domain registrar and hosting provider can be contacted for abuse reports.
Identify the hosting provider
Tools like “Who hosts this website?” or “DNS Checker” can reveal the server location or hosting company. Once identified, report the site to the hosting provider’s abuse department. Hosting providers take fraudulent activity seriously and often suspend sites quickly when presented with evidence.
Collect your evidence
Take screenshots of:
- The homepage and product pages
- Any checkout or form that captures user data
- Branding, logos and images copied from your site
- Contact details or payment gateways used
- Social media ads, if scammers are using these to drive traffic to the store
Document dates, URLs and key similarities with your legitimate website. This will form the basis of any takedown request.
Check for other fake domains
Fraudulent operators often register multiple lookalike domains. Search for variations of your brand name or misspellings across .com, .net, .co, or country domains to see if others exist.
Steps to shut it down and protect your brand
Here’s a clear action plan for dealing with a fraudulent site:
- Document everything. Save screenshots, URLs and registration data (see above)
- Report the domain and hosting provider. Use their abuse or infringement contact forms
- Submit complaints to authorities. Scamwatch, auDA (for .au domains) and the ACSC can all intervene
- Send a cease-and-desist notice. If you have trademarks or registered IP, reference them clearly
- Notify your customers. Publish a short update or social post warning of the fake site
- Secure similar domains. Buy common variations or misspellings of your own domain to block impersonators
- Monitor for new activity in your customer service channels and on social media
If the fake site is actively collecting user data or taking payments, report it immediately as a phishing or fraud site – many browsers and search engines will then block it.
Real examples of brand impersonation in Australia
Australia has seen a growing wave of brand impersonation scams, from boutique fashion to national retailers.
- Ghost stores – The ACCC has warned about fraudulent sites such as Everly Melbourne and Double Bay Boutique that pose as Australian fashion stores offering “closing-down” sales. These are offshore operations pretending to be local
- Major retail brands targeted – The Guardian Australia reported that well-known names like Sussan, Millers and Blue Illusion had fake websites advertised on Facebook and Instagram
- Industry pressure: In July 2025, the ACCC urged Meta (Facebook) and Shopify to act after identifying more than 140 fraudulent eCommerce sites impersonating Australian brands
A fraudulent website impersonating Blue Illusion, using a different domain name to appear legitimate.
One of our customers on Magento 2 had their website scraped and fraudulent transactions placed, on a URL that had nothing to do with the brand – ruprottion.com.
Even small businesses and independent retailers are being affected – especially those using Shopify, where store templates can be copied quickly.
How to Detect and Block Website Scrapers (Magento vs Shopify)
In some cases, fraudulent websites don’t just copy your public pages, they scrape your content and product data automatically using bots or scripts. These bots can copy your catalogue, images and descriptions directly from your store and rebuild them elsewhere.
When this happened to one of our customer’s Magento 2 store, we used a simple but effective technique to identify the scraper.
How it worked:
- We added a small hidden script (written in JavaScript) that embedded a unique identifier – the scraper’s IP address – as a comment in the HTML code
- This comment was invisible to normal visitors but appeared in the source code
- When the scraper’s bot copied our site, that comment – and the IP address – was copied over to the fraudulent version
- We then viewed the cloned site, located the hidden comment and confirmed which IP address had been used to perform the scrape
- Finally, we blocked that IP address at the server level, preventing them from accessing or re-scraping the site in future
This type of “digital fingerprint” is simple to implement and very effective for open-source platforms like Magento 2, where developers have full control over the codebase and server logs. You can add tracking scripts, monitor access patterns and block offending IPs directly.
For SaaS platforms like Shopify, direct server-side control isn’t available, but you can still:
- Monitor analytics for unusual spikes in traffic or requests from unknown regions
- Use Shopify’s bot protection and rate-limiting tools
- Report scraping or cloned sites to Shopify’s Legal or Abuse Team, who can suspend infringing stores
When to Use a DMCA Takedown Notice
If a fraudulent website has copied your product images, text, or overall site design – and is hosted on a platform or service with a U.S. presence – you can often have it removed quickly using a Digital Millennium Copyright Act (DMCA) takedown notice.
The DMCA is a U.S. law that protects copyright owners by requiring web hosts, registrars, and online platforms to remove infringing content once properly notified. Even Australian businesses can use it, since many major providers (like Shopify, Google, and Cloudflare) operate under U.S. law and respond to DMCA requests globally.
What to Include in a DMCA Request:
- Your contact information – name, email, and business details
- A clear description of the original content (e.g. your website or product imagery)
- URLs of the infringing content – direct links to copied pages or assets
- A statement of good faith that you believe the use is unauthorised
- A declaration under penalty of perjury that the information is accurate
- Your digital signature (typed name is acceptable)
Once a valid notice is received, most platforms act within 24–72 hours to suspend or remove the infringing material.
Where to Submit a DMCA Request:
If the fraudulent site uses a .au domain, you can also report it locally through auDA
under the .au Domain Administration rules.
How Digital Outlook can help
At Digital Outlook, we don’t just build eCommerce websites, we help protect them.
Our team can assist with:
- Investigating and identifying fraudulent domains
- Preparing detailed abuse and takedown requests
- Setting up domain monitoring to prevent future impersonation
- Implementing DMARC, SSL and other brand protection measures
- Publishing customer alerts and updates on your legitimate site
We’ve worked with many Australian retailers and eCommerce brands facing similar challenges – and we know how to get fraudulent sites taken down efficiently.
Contact us for more information.