Finding out that someone has cloned your Shopify store is alarming. Your branding, product images, descriptions, and even your store layout have been copied onto a fraudulent domain designed to deceive your customers. Whether the clone is stealing sales, harvesting credit card data, or simply damaging your reputation, every hour it stays online costs you.
This guide walks you through exactly what to do when you discover a cloned store - from gathering evidence to filing takedowns and preventing it from happening again.
Step 1: Confirm the Clone and Assess the Damage
Before taking action, verify that the site is genuinely a clone and not a coincidental similarity.
How you might discover a clone:
- A customer contacts you about a suspicious order or a domain they found through search
- You notice a spike in chargebacks or customer complaints about products never arriving
- A Google Alert or brand monitoring tool flags a new domain using your brand name
- You find your product images appearing on a site you don’t control
What to look for:
- Identical or near-identical product images, descriptions, and layout
- Your logo or brand name used on a different domain
- Pricing that is unusually low (a common tactic to lure buyers)
- Contact information that doesn’t match your business
Once you’ve confirmed the site is a clone, move to evidence collection immediately.
Step 2: Collect and Preserve Evidence
Documentation is essential for every takedown request and legal action. Gather the following before the clone site has a chance to change or disappear.
Evidence checklist:
- Full-page screenshots of the cloned site, including the homepage, product pages, checkout page, and contact/about pages
- URLs of every page that copies your content
- Timestamps - record the date and time of each screenshot
- WHOIS data - look up the domain registration details using a WHOIS lookup tool (e.g.,
whois.domaintools.com) - Source code snippets - right-click and “View Page Source” to capture copied HTML, CSS, or JavaScript
- Comparison screenshots - side-by-side images of your real store and the clone
Save everything locally and in cloud storage. If the clone disappears, you’ll still have proof.
Step 3: File a DMCA Takedown Notice
The Digital Millennium Copyright Act (DMCA) gives you the legal mechanism to demand removal of copyrighted content. Your product photos, written descriptions, and original design elements are protected under copyright.
Who to send the DMCA notice to:
- The hosting provider - Use the WHOIS data to identify who hosts the clone. Most providers have an abuse or DMCA contact email.
- The domain registrar - The company where the domain was registered also accepts abuse reports.
- Cloudflare or CDN providers - If the site uses Cloudflare, submit a DMCA report through their abuse form at
abuse.cloudflare.com.
What to include in your DMCA notice:
- Your full name, business name, and contact information
- A description of the copyrighted work being infringed (your store, product images, etc.)
- URLs of the infringing content on the clone site
- URLs of the original content on your real store
- A statement that you have a good-faith belief the use is unauthorized
- A statement that the information in the notice is accurate, under penalty of perjury
- Your physical or electronic signature
Most hosting providers will take action within 24-72 hours of receiving a valid DMCA notice.
Step 4: Report to Shopify
If the clone is running on Shopify’s platform, report it directly through Shopify’s Brand Protection form. Shopify takes intellectual property infringement seriously and has a dedicated team that reviews these reports.
Even if the clone isn’t on Shopify, reporting the domain helps Shopify’s ecosystem stay clean and may assist in cross-referencing known bad actors.
Step 5: Report to Google Safe Browsing
Getting the clone flagged in Google’s Safe Browsing database is one of the most effective actions you can take. Once flagged, browsers like Chrome, Firefox, and Safari will display a full-screen warning before anyone can visit the site.
How to report:
- Visit Google Safe Browsing Report and submit the clone’s URL
- If the clone is appearing in Google search results, use Google Search Console to submit a removal request
- File a report through Google’s DMCA dashboard at
support.google.com/legal
This can dramatically reduce traffic to the clone within days.
Step 6: Alert Your Customers and Social Media Followers
Transparency protects your customers and your reputation. Let your audience know about the fraudulent site so they can avoid it.
Actions to take:
- Post a warning on your social media channels (Instagram, Facebook, X/Twitter) identifying the fake domain
- Send an email to your customer list explaining the situation and reminding them of your official URL
- Add a banner or notice on your real store temporarily alerting visitors
- If you have a blog, publish a brief notice with the details
Be clear and factual. Provide your official domain and advise customers to verify they’re on the correct site before making purchases.
Step 7: Explore Legal Options
For persistent or high-damage cloning, legal action may be necessary.
- Cease and desist letter - A lawyer can send a formal demand to the clone operator (if identifiable through WHOIS or other means)
- Trademark infringement claims - If you have a registered trademark, you have stronger legal standing for takedowns and lawsuits
- Report to law enforcement - In cases involving significant financial fraud, report to the FBI’s IC3 (Internet Crime Complaint Center) or your country’s equivalent
- Domain dispute (UDRP) - If the clone uses a domain confusingly similar to your trademark, file a Uniform Domain-Name Dispute-Resolution Policy complaint through ICANN
Legal action costs more but sends a strong signal, especially to repeat offenders.
Step 8: Prevent Future Clones
Reacting to clones is necessary, but prevention is far more efficient. Setting up ongoing monitoring ensures you catch clones early - before they gain traction.
Preventive measures:
- Domain monitoring - Track new domain registrations that resemble your brand name or include your keywords
- SSL certificate monitoring - Watch for new SSL certificates issued for domains containing your brand
- Search engine monitoring - Regularly search for your brand name plus terms like “discount,” “sale,” or “official” to catch clone sites appearing in search results
- Reverse image search - Periodically run your product images through Google Images or TinEye to find unauthorized use
- Watermark product images - Add subtle watermarks to make copying less attractive
SecurEcommerce automates much of this monitoring for Shopify merchants. The platform continuously scans for look-alike domains, tracks SSL certificate issuance, and alerts you when potential clones appear - giving you the ability to act before customers are affected.
Conclusion
Discovering a clone of your store is stressful, but following a systematic approach makes the response manageable. Collect evidence first, file DMCA takedowns with hosting providers and registrars, report to Google Safe Browsing, alert your customers, and set up ongoing monitoring to catch future attempts early.
The merchants who recover fastest are the ones who already have monitoring in place. Proactive detection turns a potential crisis into a quick takedown - and keeps your brand and customers protected.