SKILL.md
$27
Item
Action
Full URLs
Document all key pages of the fake site
Screenshots
Homepage, product pages, logo, layout; include date/time
Comparison
Side-by-side: official vs fake (layout, logo, copy similarity)
WHOIS
Use ICANN Lookup for registrar, creation date, registrant
Hosting
IP lookup to identify hosting provider
Reporting Channels (Priority Order)
Channel
Entry
Use Case
Domain registrar
Abuse / Report Misuse on registrar site
Brand impersonation, trademark, fraud
Hosting provider
Same; submit abuse form
Hosting infringing content
Google Safe Browsing
Phishing / impersonation risk
Google Trademark
Trademark Complaint or trademark@google.com
Trademark infringement in search; requires registered trademark
Bing Content Removal
Copyright/trademark; content removal from Bing
Payment processors
PayPal Resolution Center, Stripe support
If fake site accepts payments; report fraud
Social platforms
X, Facebook, Instagram abuse forms
If fake site is promoted or linked there
Google Ads / Microsoft Ads
Platform trademark complaint forms
If impersonator runs brand ads
DMCA
To hosting provider
Copyright infringement; images, copy, design copied
ICANN
If registrar does not respond within reasonable time
Report content: Include full URL, clear description of fraudulent activity, and all evidence (screenshots, logs).
Reporting Best Practices
Registrar vs hosting: Use ICANN Lookup for registrar. For hosting, use IP lookup (HostingCheckerOnline, HostingDetector, ipinfo.io) to find origin server—registrar may be Cloudflare while origin host is elsewhere; report to both.
Cloudflare as registrar: Use abuse.cloudflare.com or abuse form; select "Phishing & Malware" for impersonation. Email complaints are generally not processed; use the online form. Provide specific URLs of infringing pages.
Hosting detection: Sites behind Cloudflare CDN hide origin IP. Use reverse IP lookup or hosting detection tools to identify underlying host; submit abuse to that provider as well.
Parallel reporting: Submit to registrar, host, and Google Safe Browsing simultaneously; do not wait for one before others. Google trademark review takes 1–8 weeks.
Legal Options
Option
When
Notes
Cease and desist
Trademark infringement
Lawyer-drafted; often first step
DMCA takedown
Copyrighted material copied
Images, copy, design; hosting providers typically comply
Consumer protection
Scam / fraud
FTC ReportFraud.ftc.gov (US)
Law enforcement
Financial loss, identity theft
IC3 (FBI) for cybercrime
Prevention Measures
Defensive Registration
- Register brand+ai, brand+app, brand+official, etc. See domain-selection for defensive registration.
- Redirect variants to main domain; do not deploy separate sites.
Official Site Verification
Place "Official website: [domain]" prominently:
- Homepage (above fold or hero)
- Sign-in / Sign-up pages
- Pricing / Payment pages: "Only pay at [official-domain]. Do not enter payment on other domains."
- Footer: "© [Brand]. Official site: [domain]"
- FAQ: "How do I verify I'm on the official site?" → "The only official URL is [domain]. Any other domain is not affiliated."
Use trust-badges for verification signals. See about-page for identity declaration.
Customer Support (Payment Fraud)
When users report "can't use after payment" but no record exists—likely paid on fake site:
- Verify source: Ask which URL they used (request screenshot or URL).
- Response template: Explain that the only official site is [official-domain]; if they paid elsewhere, that site is not affiliated. Recommend: (a) dispute charge with payment provider, (b) use only [official-domain] going forward.
- Roll out template to support team; ensure consistent messaging.
User Education
- Social media pinned post / announcement: "Only use [official-domain]"
- Email signatures, support replies: link to official domain only
Traffic Recovery (When Impersonation Intercepts Search)
Tactic
Purpose
Brand search ads
Run Google Ads and Microsoft Ads on brand terms; ensure official site appears first for brand queries
SEO
Strengthen official site for branded queries; Organization schema, clear H1, meta tags. See schema-markup, title-tag
Social
Pinned post: "Only use [official-domain]. Beware of impersonation."
Monitoring (Ongoing)
- Periodic search: brand name + common variants (e.g., brand+ai, brand+app)
- See brand-monitoring for monitoring setup, tool selection, and cadence
Timeline (Typical)
Phase
Focus
Immediate (Days 1–3)
Support template; site declaration; evidence collection
Short-term (Week 1–2)
Abuse reports; Google Safe Browsing; DMCA if applicable
Traffic (Week 2+)
Brand ads; SEO; social announcement
Ongoing
Monitoring; defensive registration if feasible
Implementation Checklist
Short-term (1–2 weeks): Evidence collection; abuse reports to registrar and host; Google Safe Browsing report; DMCA if applicable; add "Official website" on site.
Medium-term: Add impersonation guidance to domain-selection; official verification to trust-badges, about-page.
Long-term: Periodic search (brand + variants); brand monitoring (BrandShield, Doppel); defensive registration of variants.
Output Format
- Evidence package (checklist, evidence list)
- Report templates (registrar, hosting, Google)
- Timeline (immediate vs medium vs long-term actions)
- Prevention (defensive registration, site verification, user education)
References
- Cloudflare Abuse Reporting — use online form; select Phishing & Malware
Related Skills
- domain-selection: Defensive domain registration; brand variants
- rebranding-strategy: When rebranding, sync brand protection checks
- brand-monitoring: Proactive monitoring setup; tool selection; this skill = reactive takedown
- branding: Brand asset protection; consistency
- trust-badges: Official site verification signals
- about-page: Official identity and domain declaration
- homepage-generator: "Official website" placement
- google-ads, paid-ads-strategy: Brand search ads for traffic recovery
- schema-markup, title-tag: SEO for branded queries