Clone Detection intermediate

How to Respond When Your Store Is Cloned

Discovered a clone site? Follow this step-by-step guide to document, report, and shut down fake stores.

30 minutes
7 steps
intermediate level

Before You Start

  • Clone site identified
  • Documentation tools ready

You’ve Found a Clone - Now What?

Time is critical. Every hour the clone operates, more customers may be scammed. Follow this process to maximize your chances of quick takedown.

Step 1: Document Everything

Before anything changes, capture evidence:

Screenshots

  • Homepage
  • Product pages
  • Checkout process
  • Contact pages
  • About/legal pages

Technical Details

  • Full URL of the clone
  • WHOIS information (domain registration)
  • Hosting provider details
  • IP address

Save with Timestamps

Use archive.org’s Wayback Machine to save permanent copies.

Step 2: Identify the Registrar and Host

Find Domain Registrar

Use WHOIS lookup tools:

  • whois.domaintools.com
  • who.is

Find Hosting Provider

Use tools like:

  • BuiltWith.com
  • WhatIsMyIPAddress.com

Note both - you’ll need to report to each.

Step 3: Report to Domain Registrar

Most registrars have abuse policies against fraud.

Find Abuse Contact

Look for:

Include in Report

  • Your identity and legitimate site
  • The fraudulent domain
  • Evidence of copying
  • Customer complaints if any
  • Trademark registration if available

Step 4: Report to Hosting Provider

Similar process:

Find Abuse Contact

Hosting providers have abuse desks for fraud.

Submit Report

Include same documentation plus:

  • Specific content being infringed
  • Evidence this is fraudulent operation

Step 5: Report to Google Safe Browsing

Get the site flagged as dangerous:

  1. Go to safebrowsing.google.com/safebrowsing/report_phish/
  2. Submit the clone URL
  3. Provide description of fraud

Once flagged, users see warnings before visiting.

Step 6: Alert Your Customers

Proactive communication protects your brand:

Social Media

Post explaining:

  • Fake sites exist
  • Your official domain
  • What customers should watch for

Email

Send to your list if appropriate.

Website Notice

Consider a banner or notice.

Step 7: Monitor and Follow Up

Track Your Reports

  • Note submission dates
  • Follow up if no response
  • Escalate if needed

Monitor for New Clones

One clone often means more will follow.

Update SecurEcommerce

Our detection continues monitoring automatically.

Response Templates

For Registrar

“I am reporting fraudulent use of domain [domain]. This site is an unauthorized copy of my legitimate business at [your domain]. The site is being used to scam customers by copying our design, products, and branding without permission. We request immediate suspension per your abuse policy. Evidence attached.”

For Google

“This site [URL] is fraudulently impersonating [your business name]. It has copied our legitimate website to scam customers into making purchases that will never be fulfilled. Our legitimate site is [your domain].”

Escalation Options

If standard reports don’t work:

UDRP Process

For trademark holders - formal domain dispute process.

Cease and desist, then litigation if needed.

Payment Provider Reports

If they use PayPal, Stripe, etc., report fraud there.

Related Guides

Guide

Enable Clone Detection

Activate clone site detection to know immediately when someone copies your store. Step-by-step setup guide.

Read more

Let SecurEcommerce Handle This For You

This guide works, but it takes time. SecurEcommerce automates security so you can focus on growing your business.

Install SecurEcommerce Free
★★★★★ 5/5 on Shopify 7-day free trial No credit card required