So you found a fake version of your store. Maybe a customer sent you a link, or you stumbled across it while Googling your brand. Either way, someone like you enough that they copied your site - your images, your product descriptions, maybe even your logo - and they're using it to scam people.
This happens more often than most merchants realize. Scammers are creating close to a million new phishing sites every month, and e-commerce stores are prime targets because the infrastructure is already built for taking payments. The problem got significantly worse in 2025, with fake online stores growing faster than ever.
Here's what to do about it.
First, Make Sure It's Actually a Malicious Clone
Not every similar-looking site is a scam. Before you go into takedown mode, verify that they're actually using your content.
Open the suspicious site and look for your exact product photos, your copy, your branding. If you're not sure about the images, right-click one of theirs and do a reverse image search. If your original product pages come up, that's your answer.
Also check the domain. Scammers love typosquatting, registering domains that look like yours at a glance (think "yourstoree.com" or "yourstore-official.com").
Document Everything Before You Act
You'll need evidence for takedown requests, and potentially for legal action down the road. Before you start contacting anyone, capture:
- Screenshots of every page using your content
- The URLs
- When you found it
- WHOIS records for the domain (whois.domaintools.com works fine)
Just dump it all in a folder and date it. You'll be glad you did if this drags on or if the scammer spins up another site later.
Figure Out Who's Hosting the Fake Site
To get the site taken down, you need to know who to contact. There are two parties that matter:
The hosting provider is whoever runs the server the site lives on. The domain registrar is whoever sold them the domain name. Sometimes they're the same company, sometimes not.
A WHOIS lookup will usually tell you the registrar. For hosting, you can run nslookup on the domain to get the IP address, then look up who owns that IP. Or just use a tool like BuiltWith. It'll show you most of what you need.
Send the Takedown Requests
Now you contact both parties and ask them to take the site down.
For the hosting provider: Send a DMCA takedown notice to their abuse contact. Keep it professional and include the basics: who you are, what content is being infringed, the specific URLs, and a statement that you own the original content. Most legitimate hosts will act on this within a few days. They don't want to be associated with fraud.
For the registrar: File an abuse report through their website or send an email to their abuse contact email. Explain that the domain is being used for phishing. Attach your evidence.
Also report to Google Safe Browsing at safebrowsing.google.com/safebrowsing/report_phish/. Once Google flags the site, visitors will see a big red warning page before they can proceed. This doesn't take the site down, but it cuts off most of their traffic.
If you're in the US, you can also file reports with the FTC (reportfraud.ftc.gov) and the FBI's IC3 (ic3.gov). These won't get you immediate results, but they help authorities track patterns and go after repeat offenders.
Tell Your Customers
If scammers are impersonating your store, some of your customers may have already encountered the fake, or they might soon. A quick heads-up can save them from getting ripped off and save you from the support headaches that follow.
Keep it simple: post on social media, send an email if you have a list. Confirm your real URL. Tell them what to look out for. Don't be dramatic about it, just factual.
This also reinforces trust. Customers appreciate knowing you're looking out for them.
Preventing the Next One
Getting one fake site taken down doesn't mean you're done. Scammers can spin up a new clone in hours. If your brand is worth copying once, it'll be worth copying again.
The only real defense is catching these sites early, ideally before your customers find them. That means some form of ongoing monitoring: scanning for copies of your store, watching for your images showing up on other sites, and tracking lookalike domains.
You can do this manually, but it's tedious and you'll miss things. There are tools that automate it, including StoreLock, which we built specifically for this problem. It monitors for counterfeit sites, tracks your product images across the web, and lets you send takedowns without leaving your dashboard.
Whatever you use, the point is to catch clones early - before they've had time to scam your customers and damage your reputation.
