All Posts

How to get an illegal website taken down in 3 easy steps

Imitation is the sincerest from of flattery (or is it a phishing scam?)

Are scammers targeting your customers?

Online criminals continue to push the boundaries to find new ways to profit from illegal activities online. In the past, businesses we spoke with were primarily concerned with data security and ensuring their consumers data was safe from 'hacking'. Many tools have been implemented to prevent hacking and data theft online. SSL certificates, data encryption, 2-factor authentication and credit card verification methods to name a few. But, is it working?


Phishing, a growing global problem

We've seen a growing trend in eCommerce businesses being targeted by fake websites that replicate popular brands trying to fool customers into believing are authentic sites.

Depending on the popularity of the site, hundreds if not thousands of innocent customers may accidentally handover their passwords and account details, or worse... their credit card information. Remember that a lot of people still use one password for many online accounts, that is what the illegal operators of these scam websites are hoping for. Often, the customer doesn't even know they have been scammed. For our clients, they often learn of these imitation sites through customer service feedback. Even though the brand technically hasn't done anything wrong, the customer still feels betrayed by the brand they trusted (even if the website was an illegal clone).

Be proactive

If you are a retailer and are starting to gain some popularity with your brand, it pays to regularly check for these illegal phishing sites. If you find one, here's our process for having them removed which works 99% of the time (the other 1% of times you can reach out to us at


1) Find out where the domain is registered

Do a domain lookup otherwise known as a 'whois' search. We like using Godaddy's free tool which can be found here:

These whois searches will usually provide the DNS registry that is hosting the site. Find out who the host is and make a report to them about 'illegal phishing'.


2) Make the phishing report

Go to the DNS registry website, as an example or that was discovered in step 1. 

Because this issue is more common than you'd think, most of these sites have a form for you to submit your report. As an example for you can find their report form here:

In the report they will often ask for evidence of phishing. The best way to do this is to print screen or print to PDF the offending site, especially any page asking for user/password and credit card details. Often you'll also have to provide the genuine site details too.


3) The waiting game

Once you've submitted your report you typically need to wait 24 hours for a response. If the DNS registrar agrees that something 'phishy' is going on they will take action to close the site down. This can take an additional 24 hours. If they don't agree to your claim you'll have to build out a more solid report and try again. Remember the longer you wait, the more your customers are at risk of being scammed.


Hopefully this post can help you solve or avoid a problem. That's kind of what we are known for at alphawhale. If you hate problems or love solutions, get in touch with our team for a chat about your business.

Ask Us Anything



Nick Montagu
Nick Montagu
Nick is the Founder/CEO at alphawhale. He loves to dream big ideas and then break them down into *almost* impossible plans. Eats analytics for breakfast.

More from the Pod

How to avoid Google Merchant Centre account suspension

So your google merchant center account has been banned and you don't know what to do.
Continue Reading

Smashing a PB in digital growth for BodyScience

Using HubSpot frameworks and tools such as audience ad management integrations, a dedicated IP sender add...
Continue Reading

Why We're Not Celebrating "Australia Day"

January 26th - Australia Day - Invasion Day, Survival Day and Day of Mourning. Celebrating January 26th i...
Continue Reading